Master Direction - Non-Banking Financial Company - Peer to Peer Lending Platform (Reserve Bank) Directions, 2017 (<span style="color: red">Updated as on September 09, 2024</span>) - ആർബിഐ - Reserve Bank of India
Master Direction - Non-Banking Financial Company - Peer to Peer Lending Platform (Reserve Bank) Directions, 2017 (Updated as on September 09, 2024)
updated-as-on:
- 2024-09-09
- 2024-08-16
- 2022-12-29
- 2022-09-29
- 2021-10-05
- 2019-12-23
- 2019-11-22
- 2018-02-23
- 2017-11-09
- 2017-10-04
RBI/DNBR/2017-18/57 October 04, 2017 Master Direction - Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017 The Reserve Bank of India, (the Reserve Bank) issued a Notification No DNBR.045/CGM (CDS)-2017 dated August 24, 2017 in terms of sub-clause (iii) of clause (f) of section 45I of the Reserve Bank of India Act, 1934 and on being satisfied that it is necessary to do so, in exercise of the powers conferred under section 45IA, 45JA, 45L,and 45M of the Reserve Bank of India Act, 1934, and of all the powers enabling it in this behalf, hereby issues these Directions for compliance of the same by every Non-Banking Financial Company that carries on the business of a Peer to Peer Lending Platform. 1. Short title and commencement of the Directions: (1) These Directions shall be known as the Non-Banking Financial Company – Peer to Peer Lending Platform (Reserve Bank) Directions, 2017. (2) These Directions shall come into force with immediate effect. 2. Applicability of the Directions These Directions shall apply to every Non-Banking Financial Company- Peer to Peer Lending Platform (NBFC-P2P) as defined in these Directions. 2A. 1Regulatory Structure under Scale Based Regulation for NBFCs Regulatory structure for NBFCs shall comprise of four layers based on their size, activity and perceived riskiness. NBFCs in the lowest layer shall be known as NBFCs-Base Layer. NBFCs in Middle Layer and Upper Layer shall be known as NBFCs-Middle Layer and NBFCs-Upper Layer respectively. Top Layer is ideally expected to be empty and NBFCs in that layer will be known as NBFCs-Top Layer. NBFC-P2P shall always remain in the Base Layer of the regulatory structure. 3. Scope These Directions provide a framework for the registration and operation of NBFC-P2Ps in India. 4. Definitions (1) In these Directions, unless the context otherwise requires, the terms used herein shall bear the meanings assigned to them below — (i) “Company” means a company as defined in clause (20) of section 2 of the Companies Act, 2013; (ii) “Leverage Ratio” means the Total Outside Liabilities divided by Owned Funds, of the NBFC-P2P. (iii) “Nonperforming asset” (NPA) means a loan where interest and/ or installment of principal remain overdue for a period of more than 90 days. (iv) “Participant” means a person who has entered into an arrangement with an NBFC-P2P to lend on it or to avail of loan facilitation services provided by it; (v) “Peer to Peer Lending Platform” means an intermediary providing the services of loan facilitation via online medium or otherwise, to the participants as defined at Item (iv) of sub-paragraph (1) of paragraph 4 of these directions; (vi) “Non-banking financial company - Peer to Peer Lending Platform” (NBFC-P2P) means a non-banking institution which carries on the business of a Peer to Peer Lending Platform. (2) Words or expressions used in these Directions but not defined herein and defined in the Reserve Bank of India Act, 1934 or in the Companies Act, 2013 shall have the same meaning as assigned to them under those Acts. 5. Registration (1) Eligibility Criteria (i) No non-banking institution other than a company shall undertake the business of Peer to Peer Lending Platform. (ii) No NBFC-P2P shall commence or carry on the business of a Peer to Peer Lending Platform without obtaining a Certificate of Registration (CoR) from the Reserve Bank. Provided that an entity carrying on the business of a Peer-to-Peer Lending Platform as on the effective date of these directions, can continue to do so, subject to the conditions laid down in sub-paragraph (2)(vii) in this Paragraph. (iii) Every company seeking registration with the Reserve Bank as an NBFC-P2P shall have a net owned fund of not less than rupees two crore or such higher amount as the Reserve Bank may specify. (2) Process of Registration (i) Every existing and prospective NBFC-P2P shall make an application for registration to the Central Office of Department of Regulation of the Reserve Bank, in the form which will be specified by the Reserve Bank for the purpose. Existing NBFC-P2Ps shall apply within three months from the issuance of these Directions. (ii) The Reserve Bank, for the purpose of considering the application for registration, shall require the following conditions, among others, to be fulfilled:
In case of prospective NBFC-P2Ps (iii) The Reserve Bank may, after being satisfied that the conditions specified under paragraph 5(2)(ii) are fulfilled, grant in-principle approval for setting up of a Peer to Peer Lending Platform, subject to such conditions which it may consider fit to impose. (iv) The validity of the in-principle approval issued by the Reserve Bank will be twelve months from the date of granting such in-principle approval. (v) Within the period of twelve months, the company shall put in place the technology platform, enter into all other legal documentations required and report position of compliance with the terms of grant of in-principle approval to the Reserve Bank. (vi) The Reserve Bank may, after being satisfied that the entity is ready to commence operations, grant a CoR to function as an NBFC–P2P, subject to conditions as deemed fit by the Reserve Bank. In case of existing NBFC-P2Ps (vii) Companies that are undertaking the business of Peer to Peer Lending Platform, as defined at paragraph 4(1)(v) of these directions, as on the date of effect of these directions, shall apply for registration as an NBFC-P2P to the Reserve Bank within 3 months from that date. Such companies, which have applied to the Reserve Bank for registration as an NBFC-P2P, shall be permitted to continue the business of a Peer to Peer Lending Platform till their application for issuance of CoR is rejected, subject to such conditions, including winding down of business, as the Reserve Bank may impose. (viii) The Reserve Bank may cancel the CoR granted to an NBFC-P2P, if such company –
(3) Investment from FATF non-compliant jurisdictions2 (i) Investments in NBFC-P2Ps from FATF non-compliant jurisdictions shall not be treated at par with that from the compliant3 jurisdictions. New investors from or through non-compliant FATF jurisdictions, whether in existing NBFC-P2P or in companies seeking CoR, should not be allowed to directly or indirectly acquire ‘significant influence’ in the investee, as defined in the applicable accounting standards. In other words, fresh investors (directly or indirectly) from such jurisdictions in aggregate should be less than the threshold of 20 per cent of the voting power (including potential4 voting power) of the NBFC-P2P. (ii) Investors in existing NBFC-P2P holding their investments prior to the classification of the source or intermediate jurisdiction/s as FATF non-compliant, may continue with the investments or bring in additional investments as per extant regulations so as to support continuity of business in India. 6. Scope of Activities (1) An NBFC-P2P shall -
(2) Further, NBFC-P2P shall-
(3) NBFC-P2P shall not undertake any activity other than those stated in paras 6(1) and 6(2) of these Directions. Deployment of investible funds by an NBFC-P2P in instruments specified by the Reserve Bank, not for trading, shall however be permitted. 7. Prudential Norms (1) NBFC-P2P shall maintain a Leverage Ratio not exceeding 2. (2) The aggregate exposure of a lender to all borrowers at any point of time, across all P2P platforms, shall be subject to a cap of Rs.50,00,000 provided that the amount lent by the lenders on P2P platforms is consistent with their net-worth. In case, the amount lent by a lender is more than Rs.10,00,000 across P2P platforms, the lender shall produce a certificate to P2P platforms from a practicing Chartered Accountant certifying minimum net-worth of Rs.50,00,000. (3) The aggregate loans taken by a borrower at any point of time, across all P2Ps, shall be subject to a cap of ₹10,00,000/-. (4) The exposure of a single lender to the same borrower, across all P2Ps, shall not exceed ₹50,000/-. (5) The maturity of the loans shall not exceed 36 months. (6) P2Ps shall obtain a certificate from the borrower or lender, as applicable, that the limits prescribed above are being adhered to. 7A. Declaration of dividends5 NBFC-P2Ps shall comply with the following guidelines to declare dividends. (1) The Board of Directors, while considering the proposals for dividend, shall take into account each of the following aspects:
(2) NBFC-P2Ps that meet the following minimum prudential requirements shall be eligible to declare dividend:
(3) NBFC-P2Ps that meet the eligibility criteria specified in paragraph 7A(2) above can declare dividend upto a dividend payout ratio of 50 per cent. There will be no ceiling on dividend payout ratio for eligible NBFC-P2Ps that do not accept public funds. (4) An NBFC-P2P which does not meet the applicable leverage ratio requirements as above, for each of the last three financial years, shall be eligible to declare dividend, subject to a cap of 10 per cent on the dividend payout ratio, provided the NBFC-P2P meets the applicable leverage ratio requirement, as per this Master Direction, in the financial year for which it proposes to pay dividend. (5) The Board shall ensure that the total dividend proposed for the financial year does not exceed the ceilings specified in these guidelines. The Reserve Bank shall not entertain any request for ad-hoc dispensation on declaration of dividend. (6) NBFC-P2Ps declaring dividend shall report details of dividend declared during the financial year as per the format prescribed below.
The report shall be furnished within a fortnight after declaration of dividend to the Regional Office of the Department of Supervision of the Reserve Bank. 8. Operational Guidelines (1) NBFC-P2P shall have a Board approved policy in place -
(2) The outsourcing of any activity by NBFC-P2P does not diminish its obligations and it shall be responsible for the actions of its service providers including recovery agents and the confidentiality of information pertaining to the participant that is available with the service providers. (3) No loan shall be disbursed unless the lenders and the borrowers have been matched/ mapped as per the board approved policy framed in terms of paragraph 8(1)(iii), the individual lender(s) have approved the individual recipient(s) of the loan, and all concerned participants have signed the loan contract. (4) The pricing policy shall be objective and NBFC-P2Ps shall disclose the fees liable to be charged, ab initio, i.e., at the time of lending itself. The fees shall be a fixed amount or a fixed proportion of the principal amount involved in the lending transaction. The fees shall not be dependent upon the repayment by the borrower(s). (5) The practice of matching/ mapping the participants within a closed user group, whether sourced through an outsourced agency or otherwise, is not permitted. Examples of 'closed user group' include borrowers/lenders sourced through an affiliate/service provider to the NBFC-P2P. 9. Funds Transfer Mechanism (i) Fund transfer between the participants on the Peer to Peer Lending Platform shall be through escrow account mechanisms which will be operated by a bank promoted trustee. At least two escrow accounts, one for funds received from lenders and pending disbursal (i.e., Lenders' escrow Account), and the other for collections from borrowers (i.e., Borrowers' escrow Account), shall be maintained. Under this prescribed funds transfer mechanism, funds from the lenders' bank accounts shall only be transferred to the Lenders' Escrow Account and shall only be disbursed to the specific borrower's bank account after ensuring compliance to the paragraph 8(3) of these Directions. The borrower shall transfer the amount towards repayment of loan from his bank account to the Borrowers' Escrow Account, from where the funds shall only be transferred to the respective lender's bank account. Funds from 'Lenders' Escrow Account' shall not be used for repayment of loans and funds from 'Borrowers' Escrow Account' shall not be used for disbursement of loans. All fund transfers shall be through and from bank accounts and cash transactions are strictly prohibited. The mechanism as described in the Annex-I shall be adopted by the NBFC-P2P. (ii) The funds transferred into the Lenders' Escrow Account and Borrowers' Escrow Account shall not remain in these Escrow Accounts for a period exceeding 'T+1' day, where 'T' is the date on which the funds are received in these Escrow Accounts. This provision shall become effective from November 15, 2024. 10. Submission of data to Credit Information Companies (CICs) (1) An NBFC-P2P shall become member of all CICs and submit data (including historical data) to them. (2) NBFC-P2P shall: (i) keep the credit information (relating to borrower transactions on the platform) maintained by it, updated regularly on a monthly basis or at such shorter intervals as may be mutually agreed upon between the NBFC-P2P and the CICs; (i)(a) With effect from January 01, 2025, keep the credit information collected/maintained by it updated regularly on a fortnightly basis (i.e., as on 15th and last day of the respective month) or at such shorter intervals as mutually agreed upon between NBFC-P2P and the CIC. The fortnightly submission of credit information by NBFC-P2P to the CICs shall be ensured within seven calendar days of the relevant reporting fortnight. However, NBFC-P2P are encouraged to give effect to these instructions as expeditiously as feasible but not later than January 01, 2025; (ii) take all such steps which may be necessary to ensure that the credit information furnished by it is up to date, accurate and complete; (iii) include necessary consents in the agreement with the participants for providing the required credit information; (3) NBFC-P2P shall comply with the directions on compensation to customers for delayed updation/ rectification of credit information issued vide circular DoR.FIN.REC.48/20.16.003/2023-24 dated October 26, 2023, as amended from time to time. (4) NBFC-P2P shall comply with the directions on strengthening of customer service rendered by CICs and Credit Institutions issued vide circular DoR.FIN.REC.49/20.16.003/2023-24 dated October 26, 2023, as amended from time to time. 11. Transparency and Disclosure Requirements (1) An NBFC-P2P shall be required to disclose the following: (i) to the lender
(ii) to the borrower - details about the lender/s including proposed amount, interest rate offered but excluding personal identity and contact details; (iii) publicly disclose on its website:
(1A) 7NBFC-P2P shall also comply with the disclosure requirements specified in Section I of Annex VII of the Master Direction – Reserve Bank of India (Non-Banking Financial Company – Scale Based Regulation) Directions, 2023 (read with General instructions for such disclosures contained in Annex VII), as amended from time to time. These disclosures are in addition to and not in substitution of the disclosure requirements specified under other laws, regulations, or accounting and financial reporting standards. More comprehensive disclosures than the minimum required are encouraged, especially if such disclosures significantly aid in the understanding of the financial position and performance. (2) NBFC-P2P shall ensure that the providing of services to a participant, who has applied for availing of such services, is backed by appropriate agreements between the participants and the NBFC-P2P. The agreements shall categorically specify all the terms and conditions among the borrower, the lender and the NBFC-P2P. (3) The interest rates displayed on the platform shall be in Annualized Percentage Rate (APR) format. (4) NBFC-P2P shall explicitly and prominently mention its name (as mentioned in the Certificate of Registration) along with its brand name, if any, in all its touch points/ customer interfaces including promotional material and any communication with stakeholders/ participants. 12. Fair Practices Code (1) An NBFC-P2P shall put in place a Fair Practices Code, based on the Guidelines outlined herein, with the approval of its Board. The same should be put up on its website, for the information of various stakeholders. (2) NBFC-P2P shall be required to obtain explicit declaration from the lender stating that he/ she has understood all the risks associated with the lending transactions and that P2P platform does not assure return of principal/payment of interest. The declaration shall also state that there exists a likelihood of loss of entire principal in case of default by a borrower. The P2P platform shall not provide any assurance or guarantee for the recovery of loans. Further, the P2P platform shall not promote peer to peer lending as an investment product with features like tenure linked assured minimum returns, liquidity options, etc. (3) In the matter of recovery of loans, NBFC-P2P shall ensure that the staff are adequately trained to deal with the participants in an appropriate manner and shall not resort to harassment viz; persistently bothering the borrowers at odd hours, use of coercion for recovery of loans, etc. (4) NBFC-P2P shall ensure that any information relating to the participants received by it is not disclosed to any third party without the consent of the participants. (5) The Board of Directors shall also provide for periodic review of the compliance of the Fair Practices Code and the functioning of the grievances redressal mechanism at various levels of management. A consolidated report of such reviews shall be submitted to the Board at regular intervals, as may be prescribed by it. (6) The platform shall display a caveat prominently on its website, mobile/web applications including any other promotional material used by it that "It is an NBFC-P2P lending platform registered with the Reserve Bank. However, Reserve Bank does not accept any responsibility for the correctness of any of the statements or representations made or opinions expressed by the NBFC-P2P and does not provide any assurance for repayment of the loans lent on it". 13. Participant Grievance Redressal (1) An NBFC-P2P shall put in place a Board approved policy to address participant grievances/complaints. Complaints shall be handled/ disposed of by NBFC-P2P within such time and in such manner as provided for in its Board approved policy, but in any case not beyond a period of one month from the date of receipt. (2) At the operational level, NBFC-P2P shall display the following information prominently, for the benefit of participants, on the website: (i) the name and contact details (Telephone / Mobile Nos. as also email address) of the Grievance Redressal Officer who can be approached for resolution of complaints against the NBFC-P2P. (ii) that if the complaint / dispute is not redressed within a period of one month, the participant may appeal to the Customer Education and Protection Department of the Bank. 13A. Reserve Bank – Integrated Ombudsman Scheme, 2021 NBFCs covered under the Reserve Bank – Integrated Ombudsman Scheme, 2021 (RBIOS, 2021) shall comply with the directions provided under the said Scheme. 14. Information Technology Framework, Data Security and Business Continuity Plan (1) Business of an NBFC-P2P shall be primarily Information Technology (IT) driven. The technology should be scalable to handle growth in business. (2) There should be adequate safeguards built in its IT systems to ensure that it is protected against unauthorized access, alteration, destruction, disclosure or dissemination of records and data. The Reserve Bank may from time to time, prescribe technical specifications, as deemed fit. (3) NBFC-P2P should have a Board approved Business Continuity Plan in place for safekeeping of information and documents and servicing of loans for full tenure in case of closure of platform. (4) Information System Audit of the internal systems and processes shall be in place and shall be conducted at least once in two years by CISA certified external auditors. Report of the external auditor shall be submitted to the Regional Office of the Department of Supervision of the Reserve Bank, under whose jurisdiction the Registered Office of the NBFC-P2P is located, within one month of submission of the report by the external auditor. (5) There shall be reasonable arrangements in place to ensure that loan agreements facilitated on the platform will continue to be managed and administered by a third party in accordance with the contract terms, if the NBFC-P2P ceases to carry on the P2P activity. (6) NBFC-P2P shall comply with Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices dated November 07, 2023 (as amended from time to time). 14A. Guidance Note on Operational Risk Management and Operational Resilience NBFC-P2P may make use of the ‘Guidance Note on Operational Risk Management and Operational Resilience’ dated April 30, 2024, as amended from time to time. 15. Fit and Proper Criteria (1) An NBFC-P2P shall (i) ensure that a policy is put in place, with the approval of the Board of Directors, setting out ‘Fit and Proper’ criteria to be met by its directors. These criteria shall be consistent with the requirements contained in Annexes II to IV; (ii) ensure that Directors meet the fit and proper criteria at the time of their appointment and on an ongoing basis, certify and inform the same to the Reserve Bank on a half-yearly basis; (iii) obtain a declaration and undertaking from the Directors giving additional information. The declaration and undertaking shall be on the lines of the format given in Annex III; (iv) obtain a Deed of Covenants signed by the Directors, which shall be in the format as given in Annex IV; (v) advise the Reserve Bank of any change of Directors, or key management personnel, and issue a certificate from the Managing Director/CEO of the NBFC-P2P that fit and proper criteria in selection of the Directors have been followed. The statement must reach the Regional Office of the Department of Supervision of the Reserve Bank under whose jurisdiction the Registered Office of the NBFC-P2P is located, within 15 days of the change. An annual statement shall be submitted by the CEO of the NBFC-P2P to the said Regional Office, giving the names of its Directors for the quarter ending on March 31, which should be certified by the auditors. The Reserve Bank, if it deems fit and in public interest, may independently assess whether the directors are, individually or collectively, fit and proper and the NBFC-P2P shall remove the concerned director/s, on being advised by the Reserve Bank to do so. 15A. 8Experience of the Board Considering the need for professional experience in managing the affairs of the NBFC-P2P, at least one of the directors shall have relevant experience of having worked in a bank/NBFC. 15B. Risk Management Committee In order that the Board is able to focus on risk management, NBFC-P2P shall constitute a Risk Management Committee (RMC) either at the Board or executive level. RMC shall be responsible for evaluating the overall risks faced by the NBFC-P2P and shall report to the Board. 16. Requirement to obtain prior approval of the Reserve Bank for allotment of shares, acquisition or transfer of control of NBFC-P2P (1) Prior written permission of the Reserve Bank shall be required for – (i) any allotment of shares which will take the aggregate holding of an individual or group to equivalent of 26 per cent and more of the paid-up capital of the NBFC-P2P; Explanation: For the purpose of this paragraph, the term
(ii) any takeover or acquisition of control of an NBFC-P2P, which may or may not result in change of management; (iii) any change in the shareholding of an NBFC-P2P, including progressive increases over time, which would result in acquisition by/ transfer of shareholding to, any entity, of 26 per cent or more of the paid-up equity capital of the NBFC-P2P; Provided that, prior approval would not be required in case of any shareholding going beyond 26 per cent due to buyback of shares / reduction in capital where it has approval of a competent Court. The same is to be reported to the Reserve Bank not later than one month from its occurrence; (iv) any change in the management of the NBFC-P2P which would result in change in more than 30 per cent of the Directors, excluding independent Directors; (v) any change in shareholding that will give the acquirer a right to nominate a Director. Application for Prior Approval (2) An NBFC-P2P shall submit an application, on the company letterhead, for obtaining prior approval of the Reserve Bank, along with the following documents: (i) Information about the proposed Directors/ shareholders as per Annex V; (ii) Sources of funds of the proposed shareholders acquiring the shares in the NBFC-P2P; (iii) Declaration by the proposed Directors/ shareholders that they are not associated with any unincorporated body that is accepting deposits; (iv) Declaration by the proposed Directors/ shareholders that they are not associated with any company, the application for CoR of which has been rejected by the Reserve Bank; (v) Declaration by the proposed Directors/ shareholders that they have not been convicted of any crime and that there are no pending criminal cases against them, including proceedings initiated under section 138 of the Negotiable Instruments Act,1881; and (vi) Bankers' Report on the proposed Directors/ shareholders. (3) Applications in this regard shall be submitted to the Regional Office of the Department of Supervision of the Reserve Bank where the company is registered. Public Notice about Change in Control/ Management (4) A public notice of at least 30 days shall be given before effecting the sale of, or transfer of the ownership by sale of shares, or transfer of control, whether with or without sale of shares. Such public notice shall be given by the NBFC-P2P and also by the other party or jointly by the parties concerned, after obtaining the prior permission of the Reserve Bank. (5) The public notice shall indicate the intention to sell or transfer ownership/control, the particulars of transferee and the reasons for such sale or transfer of ownership/ control. The notice shall be published in at least one leading national and in one leading local (covering the place of registered office) vernacular newspaper. Information with respect to change of address, directors, auditors, etc. to be submitted (6) Every NBFC-P2P shall communicate, not later than one month from the occurrence of any change in: (i) the complete postal address, telephone number/s and fax number/s of the registered / corporate office; (ii) the residential addresses of the Directors of the company; (iii) the names and office address of the auditors of the company; and (iv) the specimen signatures of the officers authorised to sign on behalf of the NBFC-P2Pto the Regional Office of the Department of Supervision of the Bank within whose jurisdiction the Registered Office of the NBFC-P2P is located. Investment from FATF non-compliant jurisdictions (7) NBFC-P2P shall also ensure compliance to the instructions as specified in the Paragraph 5(3) of these directions. 17. Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFC-P2P. NBFC-P2P shall conduct a self-assessment of their existing outsourcing arrangements and bring these in line with the directions as provided at Annex VI. 18. Technical Specifications for all participants of the Account Aggregator ecosystem The NBFC-Account Aggregator (AA) consolidates financial information, as defined in paragraph 3(1)(ix) of Master Direction-Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016, of a customer held with different financial entities, spread across financial sector regulators adopting different IT systems and interfaces. In order to ensure that such movement of data is secured, duly authorised, smooth and seamless, it has been decided to put in place a set of core technical specifications for the participants of the AA ecosystem. Reserve Bank Information Technology Private Limited (ReBIT), has framed these specifications and published the same on its website (www.rebit.org.in). Applicable NBFCs acting either as Financial Information Providers (FIP)9 or Financial Information Users (FIU) are expected to adopt the technical specifications published by ReBIT, as updated from time to time. 19. Reporting Requirements (1) The Reserve Bank may, from time to time, prescribe return/s to be submitted by NBFC-P2P, as it deems fit. (2) The following quarterly statements shall be submitted to the aforesaid Regional Office within 15 days after the quarter to which these relate. (i) A statement, showing the number and amount in respect of loans;
(ii) The amount of funds held in the Escrow Account, bifurcated into funds received from lenders and funds received from borrowers, with credit and debit summations for the quarter. (iii) Number of complaints outstanding at beginning and at end of quarter, and disposed of during the quarter, bifurcated as received from
(iv) The Leverage Ratio, with details of its numerator and denominator. 20. Supervision The Reserve Bank may, at any time, cause an inspection by one or more of its officers or employees, or by any other agency as Reserve Bank may deem fit, of any NBFC-P2P. 21. Exemptions The Reserve Bank may, if it considers necessary for avoiding any hardship or for any other just and sufficient reason, grant extension of time to comply with or exempt any NBFC-P2P or class of NBFC-P2Ps or all NBFC-P2Ps, from all or any of the provisions of these Directions, either generally or specially, and subject to such conditions as it may impose. 22. Clarifications If any question arises relating to the interpretation of these directions, the matter shall be referred to the Reserve Bank and the decision of the Reserve Bank shall be final. (J. P. Sharma) ‘Fit and Proper’ Criteria for Directors of NBFC-P2Ps NBFC-P2Ps are advised to ensure that the procedures mentioned below are followed and minimum criteria fulfilled by the persons before they are appointed on the Boards:
Name of NBFC-P2P: ________________________
Form of Deed of Covenant with a Director THIS DEED OF COVENANTS is made this ______ day of ________Two thousand _____ BETWEEN _______________, having its registered office at ____________ (hereinafter called the “NBFC-P2P") of the one part and Mr / Ms_____________ of ______________ (hereinafter called the "Director") of the other part. WHEREAS A. The director has been appointed as a director on the Board of Directors of the NBFC-P2P (hereinafter called "the Board") and is required as a term of his / her appointment to enter into a Deed of Covenants with the NBFC-P2P. B. The director has agreed to enter into this Deed of Covenants, which has been approved by the Board, pursuant to his said terms of appointment. NOW IT IS HEREBY AGREED AND THIS DEED OF COVENANTS WITNESSETH AS FOLLOWS: 1. The Director acknowledges that his / her appointment as director on the Board of the NBFC-P2P is subject to applicable laws and regulations including the Memorandum and Articles of Association of the NBFC-P2P and the provisions of this Deed of Covenants. 2. The Director covenants with the NBFC-P2P that: (i) The Director shall disclose to the Board the nature of his / her interest, direct or indirect, if he / she has any interest in or is concerned with a contract or arrangement or any proposed contract or arrangement entered into or to be entered into between the NBFC-P2P and any other entity, immediately upon becoming aware of the same or at meeting of the Board at which the question of entering into such contract or arrangement is taken into consideration or if the director was not at the date of that meeting concerned or interested in such proposed contract or arrangement, then at the first meeting of the Board held after he / she becomes so concerned or interested and in case of any other contract or arrangement, the required disclosure shall be made at the first meeting of the Board held after the Director becomes concerned or interested in the contract or arrangement. (ii) The Director shall disclose by general notice to the Board his / her other directorships, his / her memberships of bodies corporate, his / her interest in other entities and his / her interest as a partner or proprietor of firms and shall keep the Board apprised of all changes therein. (iii) The Director shall provide to the NBFC-P2P a list of his / her relatives as defined in the Companies Act, 2013 and to the extent the Director is aware of directorships and interests of such relatives in other bodies corporate, firms and other entities. (iv) The Director shall in carrying on his / her duties as director of the NBFC-P2P:
(v) The Director shall have:
(vi) The Director shall:
3. The NBFC-P2P covenants with the Director that: (i) the NBFC-P2P shall apprise the Director about:
(ii) the NBFC-P2P shall disclose and provide to the Board including the director all information which is reasonably required for them to carry out their functions and duties as a Director of the NBFC-P2P and to take informed decisions in respect of matters brought before the Board for its consideration or entrusted to the director by the Board or any committee thereof; (iii) the disclosures to be made by the NBFC-P2P to the Directors shall include but not be limited to the following:
(iv) the NBFC-P2P shall communicate outcome of Board deliberations to Directors and concerned personnel and prepare and circulate minutes of the meeting of Board to Directors in a timely manner and to the extent possible within two business days of the date of conclusion of the Board meeting; and (v) advise the Director about the levels of authority delegated in matters placed before the Board. 4. The NBFC-P2P shall provide to the director periodic reports on the functioning of internal control system including effectiveness thereof. 5. The NBFC-P2P shall appoint a compliance officer who shall be a senior executive reporting to the Board and be responsible for setting forth policies and procedures and shall monitor adherence to the applicable laws and regulations and policies and procedures including but not limited to directions of Reserve Bank of India and other concerned statutory and governmental authorities. 6. The Director shall not assign, transfer, sublet or encumber his / her office and his / her rights and obligations as director of the NBFC-P2P to any third party provided that nothing herein contained shall be construed to prohibit delegation of any authority, power, function or delegation by the Board or any committee thereof subject to applicable laws and regulations including Memorandum and Articles of Association of the NBFC-P2P. 7.The failure on the part of either party hereto to perform, discharge, observe or comply with any obligation or duty shall not be deemed to be a waiver thereof nor shall it operate as a bar to the performance, observance, discharge or compliance thereof at any time or times thereafter. 8. Any and all amendments and / or supplements and / or alterations to this Deed of Covenants shall be valid and effectual only if in writing and signed by the Director and the duly authorised representative of the NBFC-P2P. 9. This Deed of Covenants has been executed in duplicate and both the copies shall be deemed to be originals. IN WITNESS WHEREOF THE PARTIES HAVE DULY EXECUTED THIS AGREEMENT ON THE DAY, MONTH AND YEAR FIRST ABOVE WRITTEN.
Directions on Managing Risks and Code of Conduct in Outsourcing of Financial Services by NBFC-P2P 1. Introduction 1.1 'Outsourcing' is defined as the NBFC’s use of a third party (either an affiliated entity within a corporate group or an entity that is external to the corporate group) to perform activities on a continuing basis that would normally be undertaken by the NBFC itself, now or in the future. ‘Continuing basis' includes agreements for a limited period. 1.2 NBFCs have been outsourcing various activities and are hence exposed to various risks as detailed in para 5.3. Further, the outsourced activities are to be brought within regulatory purview to a) protect the interest of the customers of NBFCs and b) to ensure that the NBFC concerned and the Reserve Bank of India have access to all relevant books, records and information available with service provider. Typically outsourced financial services include applications processing (loan origination, credit card), document processing, marketing and research, supervision of loans, data processing and back office related activities, besides others. 1.3 Some key risks in outsourcing are Strategic Risk, Reputation Risk, Compliance Risk, Operational Risk, Legal Risk, Exit Strategy Risk, Counterparty Risk, Country Risk, Contractual Risk, Access Risk, Concentration and Systemic Risk. The failure of a service provider in providing a specified service, a breach in security/ confidentiality, or non-compliance with legal and regulatory requirements by the service provider can lead to financial losses or loss of reputation for the NBFC and could also lead to systemic risks. 1.4 It is therefore imperative for the NBFC outsourcing its activities to ensure sound and responsive risk management practices for effective oversight, due diligence and management of risks arising from such outsourced activities. The directions are applicable to material outsourcing arrangements as explained in para 3 which may be entered into by an NBFC with a service provider located in India or elsewhere. The service provider may either be a member of the group/ conglomerate to which the NBFC belongs, or an unrelated party. 1.5 The underlying principles behind these directions are that the regulated entity shall ensure that outsourcing arrangements neither diminish its ability to fulfil its obligations to customers and RBI nor impede effective supervision by RBI. NBFCs, therefore, have to take steps to ensure that the service provider employs the same high standard of care in performing the services as is expected to be employed by the NBFCs, if the activities were conducted within the NBFCs and not outsourced. Accordingly, NBFCs shall not engage in outsourcing that would result in their internal control, business conduct or reputation being compromised or weakened. 1.6 (i) These directions are concerned with managing risks in outsourcing of financial services and are not applicable to technology-related issues and activities not related to financial services, such as usage of courier, catering of staff, housekeeping and janitorial services, security of the premises, movement and archiving of records, etc. NBFCs which desire to outsource financial services would not require prior approval from RBI. However, such arrangements would be subject to on-site/ off- site monitoring and inspection/ scrutiny by RBI. (ii) In regard to outsourced services relating to credit cards, RBI's detailed instructions contained in its circular on credit card activities vide DBOD.FSD.BC.49/24.01.011/2005-06 dated November 21, 2005 would be applicable. 2. Activities that shall not be outsourced NBFC-P2Ps which choose to outsource any of their functions shall, however, not outsource core management functions including Internal Audit, Strategic and Compliance functions, pricing of services/ fees to be charged to borrowers/ lenders and decision-making functions such as determining compliance with KYC norms. However, for NBFC-P2Ps in a group/conglomerate, these functions may be outsourced within the group subject to compliance with instructions in Para 6. Further, while internal audit function itself is a management process, the internal auditors can be on contract. 3. Material Outsourcing For the purpose of these directions, material outsourcing arrangements are those which, if disrupted, have the potential to significantly impact the business operations, reputation, profitability or customer service. Materiality of outsourcing would be based on:
4. NBFC's role and Regulatory and Supervisory Requirements 4.1 The outsourcing of any activity by NBFC does not diminish its obligations, and those of its Board and senior management, who have the ultimate responsibility for the outsourced activity. NBFCs would therefore be responsible for the actions of their service provider including Direct Sales Agents/ Direct Marketing Agents and recovery agents and the confidentiality of information pertaining to the customers that is available with the service provider. NBFCs shall retain ultimate control of the outsourced activity. 4.2 It is imperative for the NBFC, when performing its due diligence in relation to outsourcing, to consider all relevant laws, regulations, guidelines and conditions of approval, licensing or registration. 4.3 Outsourcing arrangements shall not affect the rights of a customer against the NBFC, including the ability of the customer to obtain redress as applicable under relevant laws. In cases where the customers are required to deal with the service providers in the process of dealing with the NBFC, NBFCs shall incorporate a clause in the relative product literature/ brochures, etc., stating that they may use the services of agents in sales/ marketing etc. of the products. The role of agents may be indicated in broad terms. 4.4 The service provider shall not impede or interfere with the ability of the NBFC to effectively oversee and manage its activities nor shall it impede the Reserve Bank of India in carrying out its supervisory functions and objectives. 4.5 NBFCs need to have a robust grievance redress mechanism, which in no way shall be compromised on account of outsourcing. 4.6 The service provider, if not a group company of the NBFC, shall not be owned or controlled by any director of the NBFC or their relatives; these terms have the same meaning as assigned under Companies Act, 2013. 5. Risk Management practices for Outsourced Financial Services 5.1 Outsourcing Policy An NBFC intending to outsource any of its financial activities shall put in place a comprehensive outsourcing policy, approved by its Board, which incorporates, inter alia, criteria for selection of such activities as well as service providers, delegation of authority depending on risks and materiality and systems to monitor and review the operations of these activities. 5.2 Role of the Board and Senior Management 5.2.1 Role of the Board The Board of the NBFC, or a Committee of the Board to which powers have been delegated shall be responsible inter alia for the following: i. approving a framework to evaluate the risks and materiality of all existing and prospective outsourcing and the policies that apply to such arrangements; ii. laying down appropriate approval authorities for outsourcing depending on risks and materiality; iii. setting up suitable administrative framework of senior management for the purpose of these directions; iv. undertaking regular review of outsourcing strategies and arrangements for their continued relevance, and safety and soundness and v. deciding on business activities of a material nature to be outsourced, and approving such arrangements. 5.2.2 Responsibilities of the Senior Management i. Evaluating the risks and materiality of all existing and prospective outsourcing, based on the framework approved by the Board; ii. developing and implementing sound and prudent outsourcing policies and procedures commensurate with the nature, scope and complexity of the outsourcing activity; iii. reviewing periodically the effectiveness of policies and procedures; iv. communicating information pertaining to material outsourcing risks to the Board in a timely manner; v. ensuring that contingency plans, based on realistic and probable disruptive scenarios, are in place and tested; vi. ensuring that there is independent review and audit for compliance with set policies and vii. undertaking periodic review of outsourcing arrangements to identify new material outsourcing risks as they arise. 5.3 Evaluation of the Risks The NBFCs shall evaluate and guard against the following risks in outsourcing: i. Strategic Risk – Where the service provider conducts business on its own behalf, inconsistent with the overall strategic goals of the NBFC. ii. Reputation Risk – Where the service provided is poor and customer interaction is not consistent with the overall standards expected of the NBFC. iii. Compliance Risk – Where privacy, consumer and prudential laws are not adequately complied with by the service provider. iv. Operational Risk- Arising out of technology failure, fraud, error, inadequate financial capacity to fulfil obligations and/ or to provide remedies. v. Legal Risk – Where the NBFC is subjected to fines, penalties, or punitive damages resulting from supervisory actions, as well as private settlements due to omissions and commissions of the service provider. vi. Exit Strategy Risk – Where the NBFC is over-reliant on one firm, the loss of relevant skills in the NBFC itself preventing it from bringing the activity back in-house and where NBFC has entered into contracts that make speedy exits prohibitively expensive. vii. Counter party Risk – Where there is inappropriate underwriting or credit assessments. viii. Contractual Risk – Where the NBFC may not have the ability to enforce the contract. ix. Concentration and Systemic Risk – Where the overall industry has considerable exposure to one service provider and hence the NBFC may lack control over the service provider. x. Country Risk – Due to the political, social or legal climate creating added risk. 5.4 Evaluating the Capability of the Service Provider 5.4.1 In considering or renewing an outsourcing arrangement, appropriate due diligence shall be performed to assess the capability of the service provider to comply with obligations in the outsourcing agreement. Due diligence shall take into consideration qualitative and quantitative, financial, operational and reputational factors. NBFCs shall consider whether the service providers' systems are compatible with their own and also whether their standards of performance including in the area of customer service are acceptable to it. NBFCs shall also consider, while evaluating the capability of the service provider, issues relating to undue concentration of outsourcing arrangements with a single service provider. Where possible, the NBFC shall obtain independent reviews and market feedback on the service provider to supplement its own findings. 5.4.2 Due diligence shall involve an evaluation of all available information about the service provider, including but not limited to the following: i. past experience and competence to implement and support the proposed activity over the contracted period; ii. financial soundness and ability to service commitments even under adverse conditions; iii. business reputation and culture, compliance, complaints and outstanding or potential litigation; iv. security and internal control, audit coverage, reporting and monitoring environment, business continuity management and v. ensuring due diligence by service provider of its employees. 5.5 The Outsourcing Agreement The terms and conditions governing the contract between the NBFC and the service provider shall be carefully defined in written agreements and vetted by NBFC's legal counsel on their legal effect and enforceability. Every such agreement shall address the risks and risk mitigation strategies. The agreement shall be sufficiently flexible to allow the NBFC to retain an appropriate level of control over the outsourcing and the right to intervene with appropriate measures to meet legal and regulatory obligations. The agreement shall also bring out the nature of legal relationship between the parties, i.e., whether agent, principal or otherwise. Some of the key provisions of the contract shall be the following: i. the contract shall clearly define what activities are going to be outsourced including appropriate service and performance standards; ii. the NBFC must ensure it has the ability to access all books, records and information relevant to the outsourced activity available with the service provider; iii. the contract shall provide for continuous monitoring and assessment by the NBFC of the service provider so that any necessary corrective measure can be taken immediately; iv. a termination clause and minimum period to execute a termination provision, if deemed necessary, shall be included; v. controls to ensure customer data confidentiality and service providers' liability in case of breach of security and leakage of confidential customer related information shall be incorporated; vi. there must be contingency plans to ensure business continuity; vii. the contract shall provide for the prior approval/ consent by the NBFC of the use of subcontractors by the service provider for all or part of an outsourced activity; viii. it shall provide the NBFC with the right to conduct audits on the service provider whether by its internal or external auditors, or by agents appointed to act on its behalf and to obtain copies of any audit or review reports and findings made on the service provider in conjunction with the services performed for the NBFC; ix. outsourcing agreements shall include clauses to allow the Reserve Bank of India or persons authorised by it to access the NBFC's documents, records of transactions, and other necessary information given to, stored or processed by the service provider within a reasonable time; x. outsourcing agreement shall also include a clause to recognise the right of the Reserve Bank to cause an inspection to be made of a service provider of an NBFC and its books and account by one or more of its officers or employees or other persons; xi. the outsourcing agreement shall also provide that confidentiality of customer's information shall be maintained even after the contract expires or gets terminated and xii. the NBFC shall have necessary provisions to ensure that the service provider preserves documents as required by law and take suitable steps to ensure that its interests are protected in this regard even post termination of the services. 5.6 Confidentiality and Security 5.6.1 Public confidence and customer trust in the NBFC is a prerequisite for the stability and reputation of the NBFC. Hence the NBFC shall seek to ensure the preservation and protection of the security and confidentiality of customer information in the custody or possession of the service provider. 5.6.2 Access to customer information by staff of the service provider shall be on 'need to know' basis i.e., limited to those areas where the information is required in order to perform the outsourced function. 5.6.3 The NBFC shall ensure that the service provider is able to isolate and clearly identify the NBFC's customer information, documents, records and assets to protect the confidentiality of the information. In instances, where service provider acts as an outsourcing agent for multiple NBFCs, care shall be taken to build strong safeguards so that there is no comingling of information / documents, records and assets. 5.6.4 The NBFC shall review and monitor the security practices and control processes of the service provider on a regular basis and require the service provider to disclose security breaches. 5.6.5 The NBFC shall immediately notify RBI in the event of any breach of security and leakage of confidential customer related information. In these eventualities, the NBFC would be liable to its customers for any damages. 5.7 Responsibilities of Direct Sales Agents (DSA)/ Direct Marketing Agents (DMA)/ Recovery Agents 5.7.1 NBFCs shall ensure that the DSA/ DMA/ Recovery Agents are properly trained to handle their responsibilities with care and sensitivity, particularly aspects such as soliciting customers, hours of calling, privacy of customer information and conveying the correct terms and conditions of the products on offer, etc. 5.7.2 NBFCs shall put in place a board approved Code of conduct for DSA/ DMA/ Recovery Agents, and obtain their undertaking to abide by the code. In addition, Recovery Agents shall adhere to extant instructions on Fair Practices Code for NBFCs as also their own code for collection of dues and repossession of security. It is essential that the Recovery Agents refrain from action that could damage the integrity and reputation of the NBFC and that they observe strict customer confidentiality. 5.7.3 The NBFC and their agents shall not resort to intimidation or harassment of any kind, either verbal or physical, against any person in their debt collection efforts, including acts intended to humiliate publicly or intrude upon the privacy of the debtors' family members, referees and friends, sending inappropriate messages either on mobile or through social media, making threatening and/or anonymous calls, persistently10 calling the borrower and/ or calling the borrower before 8:00 a.m. and after 7:00 p.m. for recovery of overdue loans, making false and misleading representations, etc. Any violation in this regard will be viewed seriously11. 5.8 Business Continuity and Management of Disaster Recovery Plan 5.8.1 An NBFC shall require its service providers to develop and establish a robust framework for documenting, maintaining and testing business continuity and recovery procedures. NBFCs need to ensure that the service provider periodically tests the Business Continuity and Recovery Plan and may also consider occasional joint testing and recovery exercises with its service provider. 5.8.2 In order to mitigate the risk of unexpected termination of the outsourcing agreement or liquidation of the service provider, NBFCs shall retain an appropriate level of control over their outsourcing and the right to intervene with appropriate measures to continue its business operations in such cases without incurring prohibitive expenses and without any break in the operations of the NBFC and its services to the customers. 5.8.3 In establishing a viable contingency plan, NBFCs shall consider the availability of alternative service providers or the possibility of bringing the outsourced activity back in-house in an emergency and the costs, time and resources that would be involved. 5.8.4 Outsourcing often leads to the sharing of facilities operated by the service provider. The NBFC shall ensure that service providers are able to isolate the NBFC's information, documents and records, and other assets. This is to ensure that in appropriate situations, all documents, records of transactions and information given to the service provider, and assets of the NBFC, can be removed from the possession of the service provider in order to continue its business operations, or deleted, destroyed or rendered unusable. 5.9 Monitoring and Control of Outsourced Activities 5.9.1 The NBFC shall have in place a management structure to monitor and control its outsourcing activities. It shall ensure that outsourcing agreements with the service provider contain provisions to address their monitoring and control of outsourced activities. 5.9.2 A central record of all material outsourcing that is readily accessible for review by the Board and senior management of the NBFC shall be maintained. The records shall be updated promptly and half yearly reviews shall be placed before the Board or Risk Management Committee. 5.9.3 Regular audits by either the internal auditors or external auditors of the NBFC shall assess the adequacy of the risk management practices adopted in overseeing and managing the outsourcing arrangement, the NBFC's compliance with its risk management framework and the requirements of these directions. 5.9.4 NBFCs shall at least on an annual basis, review the financial and operational condition of the service provider to assess its ability to continue to meet its outsourcing obligations. Such due diligence reviews, which can be based on all available information about the service provider shall highlight any deterioration or breach in performance standards, confidentiality and security, and in business continuity preparedness. 5.9.5 In the event of termination of the outsourcing agreement for any reason in cases where the service provider deals with the customers, the same shall be publicized by displaying at a prominent place in the branch, posting it on the web-site, and informing the customers so as to ensure that the customers do not continue to deal with the service provider. 5.9.6 Certain cases, like outsourcing of cash management, might involve reconciliation of transactions between the NBFC, the service provider and its sub-contractors. In such cases, NBFCs shall ensure that reconciliation of transactions between the NBFC and the service provider (and/ or its sub-contractor), are carried out in a timely manner. An ageing analysis of entries pending reconciliation with outsourced vendors shall be placed before the Audit Committee of the Board (ACB) and NBFCs shall make efforts to reduce the old outstanding items therein at the earliest. 5.9.7 A robust system of internal audit of all outsourced activities shall also be put in place and monitored by the ACB of the NBFC. 5.10 Redress of Grievances related to Outsourced Services i. NBFCs shall constitute Grievance Redressal Machinery as contained in RBI’s circular on Grievance Redressal Mechanism vide DNBS.CC.PD.No.320/03.10.01/2012-13 dated February 18, 2013. At the operational level, all NBFCs shall display the name and contact details (Telephone/ Mobile nos. as also email address) of the Grievance Redressal Officer prominently at their branches/ places where business is transacted. The designated officer shall ensure that genuine grievances of customers are redressed promptly without involving delay. It shall be clearly indicated that NBFCs' Grievance Redressal Machinery will also deal with the issue relating to services provided by the outsourced agency. ii. Generally, a time limit of 30 days may be given to the customers for preferring their complaints/ grievances. The grievance redressal procedure of the NBFC and the time frame fixed for responding to the complaints shall be placed on the NBFC's website. 5.11 Reporting of transactions to FIU or other competent authorities NBFCs would be responsible for making Currency Transactions Reports and Suspicious Transactions Reports to FIU or any other competent authority in respect of the NBFCs' customer related activities carried out by the service providers. 6. Outsourcing within a Group/ Conglomerate 6.1 In a group structure, NBFCs may have back-office and service arrangements/ agreements with group entities e.g., sharing of premises, legal and other professional services, hardware and software applications, centralize back-office functions, outsourcing certain financial services to other group entities, etc. Before entering into such arrangements with group entities, NBFCs shall have a Board approved policy and also service level agreements/arrangements with their group entities, which shall also cover demarcation of sharing resources i.e., premises, personnel, etc. Moreover the customers shall be informed specifically about the company which is actually offering the product/service, wherever there are multiple group entities involved or any cross selling observed. 6.2 While entering into such arrangements, NBFCs shall ensure that these: a. are appropriately documented in written agreements with details like scope of services, charges for the services and maintaining confidentiality of the customer's data; b. do not lead to any confusion to the customers on whose products/services they are availing by clear physical demarcation of the space where the activities of the NBFC and those of its other group entities are undertaken; c. do not compromise the ability to identify and manage risk of the NBFC on a stand-alone basis; d. do not prevent the RBI from being able to obtain information required for the supervision of the NBFC or pertaining to the group as a whole; and e. incorporate a clause under the written agreements that there is a clear obligation for any service provider to comply with directions given by the RBI in relation to the activities of the NBFC. 6.3 NBFCs shall ensure that their ability to carry out their operations in a sound fashion would not be affected if premises or other services (such as IT systems, support staff) provided by the group entities become unavailable. 6.4 If the premises of the NBFC are shared with the group entities for the purpose of cross-selling, NBFCs shall take measures to ensure that the entity's identification is distinctly visible and clear to the customers. The marketing brochure used by the group entity and verbal communication by its staff / agent in the NBFCs premises shall mention nature of arrangement of the entity with the NBFC so that the customers are clear on the seller of the product. 6.5 NBFCs shall not publish any advertisement or enter into any agreement stating or suggesting or giving tacit impression that they are in any way responsible for the obligations of its group entities. 6.6 The risk management practices expected to be adopted by an NBFC while outsourcing to a related party (i.e. party within the Group / Conglomerate) would be identical to those specified in Para 5 of this directions. 7. Off-shore outsourcing of Financial Services 7.1 The engagement of service providers in a foreign country exposes an NBFC to country risk -economic, social and political conditions and events in a foreign country that may adversely affect the NBFC. Such conditions and events could prevent the service provider from carrying out the terms of its agreement with the NBFC. To manage the country risk involved in such outsourcing activities, the NBFC shall take into account and closely monitor government policies and political, social, economic and legal conditions in countries where the service provider is based, both during the risk assessment process and on a continuous basis, and establish sound procedures for dealing with country risk problems. This includes having appropriate contingency and exit strategies. In principle, arrangements shall only be entered into with parties operating in jurisdictions generally upholding confidentiality clauses and agreements. The governing law of the arrangement shall also be clearly specified. 7.2 The activities outsourced outside India shall be conducted in a manner so as not to hinder efforts to supervise or reconstruct the India activities of the NBFC in a timely manner. 7.3 As regards the off-shore outsourcing of financial services relating to Indian Operations, NBFCs shall additionally ensure that a) Where the off-shore service provider is a regulated entity, the relevant off-shore regulator will neither obstruct the arrangement nor object to RBI inspection visits/ visits of NBFCs internal and external auditors. b) The availability of records to management and the RBI will withstand the liquidation of either the offshore custodian or the NBFC in India. c) The regulatory authority of the offshore location does not have access to the data relating to Indian operations of the NBFC simply on the ground that the processing is being undertaken there (not applicable if off shore processing is done in the home country of the NBFC). d) The jurisdiction of the courts in the off shore location where data is maintained does not extend to the operations of the NBFC in India on the strength of the fact that the data is being processed there even though the actual transactions are undertaken in India and e) All original records continue to be maintained in India. 1Vide circular DOR.CRE.REC.No..60/03.10.001/2021-22 dated October 22, 2021. 2 Vide circular DOR.CO.LIC.CC No.119/03.10.001/2020-21 dated February 12, 2021 3 The Financial Action Task Force (FATF) periodically identifies jurisdictions with weak measures to combat money laundering and terrorist financing (AML/CFT) in its following publications: i) High-Risk Jurisdictions subject to a Call for Action, and ii) Jurisdictions under Increased Monitoring. A jurisdiction, whose name does not appear in the two aforementioned lists, shall be referred to as a FATF compliant jurisdiction. 4 Potential voting power could arise from instruments that are convertible into equity, other instruments with contingent voting rights, contractual arrangements, etc. that grant investors voting rights (including contingent voting rights) in the future. In such cases, it should be ensured that new investments from FATF non-compliant jurisdictions are less than both (i) 20 per cent of the existing voting powers and (ii) 20 per cent of existing and potential voting powers assuming those potential voting rights have materialised. 5 Vide Circular DOR.ACC.REC.No.23/21.02.067/2021-22 dated June 24, 2021. 6 Where an NBFC-P2P has been in existence for less than three financial years, it shall be since registration. 7Vide circular DOR.ACC.REC.No.20/21.04.018/2022-23 dated April 19, 2022. 8 Paras 15A and 15B inserted vide circular DOR.CRE.REC.No..60/03.10.001/2021-22 dated October 22, 2021. 9 The definitions of FIP and FIU are as per the Master Direction- Non-Banking Financial Company - Account Aggregator (Reserve Bank) Directions, 2016, as amended from time to time. 10 For example- calling repeatedly 11 Inserted vide circular DOR.ORG.REC.65/21.04.158/2022-23 dated August 12, 2022. |