Compliance Function and Role of Chief Compliance Officer (CCO) - NBFCs - ఆర్బిఐ - Reserve Bank of India
Compliance Function and Role of Chief Compliance Officer (CCO) - NBFCs
RBI/2022-23/24 April 11, 2022 The Chairman / Managing Director / Chief Executive Officer Madam / Dear Sir, Compliance Function and Role of Chief Compliance Officer (CCO) - NBFCs Please refer to the Reserve Bank’s guidelines on ‘Scale Based Regulation (SBR): A Revised Regulatory Framework for NBFCs’ issued vide Circular Ref.DOR.CRE. REC.No.60/03.10.001/2021-22 dated October 22, 20211. As indicated therein, Non-Banking Financial Companies in the Upper Layer (NBFC-UL) and Middle Layer (NBFC-ML) would be required, inter alia, to have an independent Compliance Function and a Chief Compliance Officer (CCO). Accordingly, this Circular shall be applicable to all NBFC-UL and NBFC-ML. NBFCs in the Base Layer (NBFC-BL) shall continue to be governed under the existing guidelines2. 2. As part of the overall structure for Corporate Governance, Compliance Function serves a critical role. Accordingly, it has been decided to introduce certain principles, standards and procedures for Compliance Function in NBFC-UL and NBFC-ML, keeping in view the principles of proportionality. 3. NBFC-UL and NBFC-ML shall put in place a Board approved policy and a Compliance Function, including the appointment of a Chief Compliance Officer (CCO), based on the Framework given in the Annex, latest by April 1, 2023 and October 1, 2023, respectively. 4. This Circular shall be placed in the immediate next meeting of the Board of Directors for information and devising an implementation strategy, under the Board’s supervision, in a time-bound manner. Yours faithfully, (Arnab Kumar Chowdhury) Encl.: Annex Framework for Compliance Function and Role of Chief Compliance Officer in Non-Banking Financial Companies in Upper Layer and Middle Layer (NBFC-UL & NBFC-ML) 1. Introduction The Compliance Function is an integral part of effective governance, along with the internal control and risk management processes. The NBFCs in Upper Layer and Middle Layer shall treat the prescriptions in the Circular as a set of minimum guidelines only and accordingly frame their guidelines taking into account their corporate governance framework, the scale of operations, risk profile and organizational structure, etc. 2. Compliance Risk Compliance risk is 'the risk of legal or regulatory sanctions, material financial loss or loss of reputation an NBFC may suffer, as a result of its failure to comply with laws, regulations, rules and codes of conduct, etc., applicable to its activities. 3. Scope and Coverage of Compliance Function Compliance Function shall ensure strict observance of all statutory and regulatory requirements for the NBFC, including standards of market conduct, managing conflict of interest, treating customers fairly and ensuring the suitability of customer service. 4. Responsibility of the Board and Senior Management 4.1 The Board / Board Committee3 shall ensure that an appropriate Compliance Policy is put in place and implemented. Further, the Board / Board Committee shall prescribe the periodicity for review of Compliance risk. 4.2 The Senior Management shall:
5. Responsibilities of Compliance Function 5.1 Compliance Function shall be responsible for undertaking the following activities at the minimum:
5.2 The CCO shall be the nodal point of contact between the NBFC and the regulators / supervisors and shall necessarily be a participant in the structured or other regular discussions held with RBI. Further, compliance to RBI inspection reports shall be communicated to RBI necessarily through the office of the Compliance Function. 5.3 In some NBFCs, there may be separate departments / divisions looking after compliance with different statutory and other requirements. In such cases, the departments concerned shall hold the prime responsibility for their respective areas, which shall be clearly outlined. Adherence to applicable statutory provisions and regulations is the responsibility of each staff member. However, the Compliance Function would need to ensure overall oversight. 6. Broad Contours of Compliance Framework in NBFCs A. Compliance Policy a. The NBFC shall lay down a Board-approved Compliance Policy clearly spelling out its Compliance philosophy, expectations on Compliance culture, structure and role of the Compliance function, the role of CCO, processes for identifying, assessing, monitoring, managing, and reporting on Compliance risk. The Policy shall be reviewed at least once a year. b. Broadly, the Policy shall ensure coverage of the following aspects:
B. Compliance Structure The Compliance Department shall be headed by the Chief Compliance Officer, meeting the requirements prescribed in this Circular. NBFCs are free to adopt their own organizational structure for the Compliance Function. However, the function shall be independent and sufficiently resourced, its responsibilities shall be clearly specified, and its activities shall be subject to periodic and independent review. C. Compliance Programme The NBFC shall carry out an annual Compliance risk assessment in order to identify and assess major Compliance risks faced by them and prepare a plan to manage the risks. The annual review, to be carried out by the Senior Management, shall ensure coverage of at least the following aspects:
D. Authority The CCO and Compliance Function shall have the authority to communicate with any staff member and have access to all records or files that are necessary to enable her / him to carry out entrusted responsibilities in respect of Compliance issues. This authority shall flow from the Compliance Policy of the NBFC. E. Dual Hatting i. There shall not be any 'dual hatting,' i.e., the CCO shall not be given any responsibility which brings elements of conflict of interest, especially any role relating to business. The CCO shall generally not be a member of any committee which conflicts her / his role as CCO with responsibility as a member of the committee, including any committee dealing with purchases / sanctions. In case the CCO is a member of any such committee, that would only be an advisory role. ii. The staff in the Compliance Department shall primarily focus on Compliance Functions. However, the Compliance staff could be assigned some other duties while ensuring that there is no conflict of interest. F. Qualifications and Staffing of Compliance Function Apart from having staff with basic qualifications and practical experience in business lines / audit & inspection functions, Compliance Function shall have adequate staff members with knowledge of statutory / regulatory prescriptions, law, accountancy, risk management, information technology, etc. Appropriate succession planning shall be ensured to avoid any future skill gap. G. Internal Audit & Independent Review of Compliance Function Compliance risk shall be included in the risk assessment framework of the Internal Audit Function, and Compliance Function shall be subject to regular internal audit. The CCO shall be kept informed of audit findings related to Compliance, which shall serve as a feedback mechanism for assessing the areas of Compliance failures. H. Supervisory Focus Examination of Compliance rigor prevalent in the NBFC shall be a part of Reserve Bank's supervisory risk assessment process. 7. Appointment and Tenure of CCO
1 Section II, para 3.2.3 (g) of the Annex to the Circular delineating the ‘Framework for Scale Based Regulation for Non-Banking Financial Companies’ requires appointment of a Chief Compliance Officer. 2 Ref: Master Direction - Non-Banking Financial Company - Systemically Important Non-Deposit taking Company and Deposit taking Company (Reserve Bank) Directions, 2016; and Master Direction - Non-Banking Financial Company – Non-Systemically Important Non-Deposit taking Company (Reserve Bank) Directions, 2016, as applicable. 3 ‘Board Committee’ means ‘Audit Committee of the Board’, wherever applicable under extant Regulations. |