Internal Audit

Internal Audit Report of NBFC

NBFC (Non-banking Financial Company) is a company which is registered under the Companies Act, 1956. It is engaged mainly in the business of loans, acquisition of stocks/debentures/securities, etc. Internal Audits of the NBFCs refer to the evaluation of the company’s internal control. The company includes the accounting processes.

Components of the Internal Audit Reports

There are some essential components of the Internal Audit Reports. These are-

1. Objectives of the Audit
2. Procedures and Scope of the Audit
3. Recommendations, if applicable
4. Response of the Management
5. Conclusions and Findings

Types of Internal Audits

The internal audits are mainly the Compliance Audit, Financial Audit, Information Technology Audit and Operational Audit.

Compliance Audit- It reviews whether the organization complies with the regulatory guidelines.

Financial Audit-

The financial audit means to check whether the financial statements are per the specified criteria.

Information Technology Audit–

The information technology audit refers to the evaluation of the organization’s operational processes, policies and procedures, etc.

 Operational Audit-

It refers to checking the operating activities of an organization, whether on a day-to-day basis or on a broader basis.

Legal Provisions for NBFC Audits

Section 45(1)(F) of the Reserve Bank of India (Amendment Act 1977) defines Non- Banking Financial Company as a company under Section 45 (1)(A) of the RBI. No NBFC can carry on their business without obtaining a registration certificate from the RBI.

Submission of Additional Report- In addition to the report completed by the Auditor under Section 143 or 227 of the Companies Act, 1956, the auditor should also give explanations to the Board of Directors.

The qualifications regarding the auditor for conducting NBFC audit are provided under Section 138(1) of the Companies Act of 2013. It mandates the internal auditor to either be a Chartered Accountant or Cost Accountant. He/she can also be such other person or professional as the Board may direct from time to time.

Each NBFC is required to submit a Certificate from the Statutory Auditor, which is involved in the business of non-banking financial institutions, and it requires holding a Certificate of Registration under Section 45(1)(A) of the RBI.

Exception Report

The auditor is required to submit an exception report to the Bank. If the company complies with:-

1. The Chapter III B of the RBI Act.
2. The 2016 directions of NBFC Acceptance of Public Deposits
3. Systemically Imp. Non- Deposit-taking Company and the Deposit-taking Company directive of 2016.

So, it will be the Auditor’s responsibility to prepare a report containing the details for such unfavourable statements or relating to non-compliance.

Statutory Checklist for NBFCs Audit

During the audit of NBFCs, the auditors must verify the shares or securities held by the non-banking financial institutions.  If the security is lodged with the Bank, then a Certificate from the institution must be verified. The auditors are also required to verify whether the extended credit facilities made by the NBFC are under the prescribed ceiling or not. As per the rules and laws, non-banking financial institutions are not to lend 15% or more of the funds to a single borrower and 25% or more to a group of borrowers. The NBFC should not advance loans against the security of the shares or assets. The prices regarding the stock market quotations should be assessed, too.

Audit Report Format for NBFC

A normal NBFC report is supposed to contain information relating to

Title– It declares that autonomous auditors prepare the audit report.

Report– The report tells about the different profit and loss details, balance sheets, and cash flow statements. It should also summarize the accounting policies.

Addressee- To whom the audit report is to be delivered, the names of such entities should be disclosed too.

Auditor’s Opinion– What the auditor thinks about the financial statements should be disclosed, too.

Company’s declaration– The declaration of the company’s financial statements or the standing of the company the financial statements should be disclosed, too.

Responsibility for Additional Reporting– This section appears when the auditor requires some additional legal or regulatory information.

Signature of the Auditor– As we know, no document is generally accepted as verified if there are no signatures, whether physical or e-signature. Hence, the auditor’s signature must be there on the audit report.

Place and Date– The name of the district or city where the audit report has been signed and the date on which it is signed must be mentioned.

In addition to these, physical verification must be done about the securities and shares of the firm. How many loans are availed by the firm? To check the confirmation of the balance. The follow-up on the loans should be there, too. If the prudential norms of the NBFC are being incorporated or not. If the company follows the KYC protocol or not. The auditor should also confirm whether the assets conferred are insured or not. To also verify the lease agreement. In all of this, we cannot afford to miss a very important document, which is the Memorandum of Association, which is self-explanatory about the nature and objectives of the business at hand. To also do a cross-examination of the value of the investments.

GAAP

GAAP means the Generally Accepted Accounting Principles. It consolidates the fundamental accounting principles that act as a framework for industry-based accounting practices and the rules for accounting. The GAAP should generally contain the guidelines for standard accounting. The supreme body of the nation should furnish accounting standards.

Key Provisions Applicable for NBFCs

After the changes made under the SBR framework, the Reserve Bank of India has now set a limit of one crore per borrower for the subscription to Initial Public Offers(IPOs) effective from the date 1 April 2022. But at the same time, the NBFCs can opt for having more conservative limits. Before this change, NBFCs had no limits on the IPO funding.

Compliance Framework

The Reserve Bank of India has observed that the compliance function and the risk management framework are important to ensure the culture of compliance within the organization. The guidelines introduced the mandatory requirement relating to the appointment of the CCO (Chief Compliance Officer) and having a policy that is approved by the Board that lays down the responsibilities of the CCO for NBFCs.

The circular, which the Reserve Bank of India issued in April 2022, focused on the rules and responsibilities of the compliance function and the role of CCOs in NBFCs. NBFCs that are in the upper and middle layer are required to put in place a policy approved by the Board by 1 April 2023 and also about the compliance function that shall include the appointment of the Chief Compliance Officer by 1 October 2023. Senior Management Role- They are required to make a review of the compliance risk, which means the risk of financial sanctions or loss of reputation of the NBFC and to submit the findings at length at least once a year. The role of the compliance function would be to check the strict observance of all regulatory and statutory requirements of the NBFC, which should include the market conduct standards, to treat the customers fairly. The Reserve Bank of India has also set certain minimum responsibilities for the compliance function of an NBFC.

Penalties for Non-Compliance

There are no specific provisions relating to the penalty for internal audit. However, the general penalty is prescribed under Section 450 of the Companies Act 2013. It shall be levied as follows: Every company officer and other person in default shall pay a fine of rupees 10,000. In the case of continuing offence or contravention, an additional penalty of rupees 1000 can be imposed on a per-day basis, and it can go up to rupees 2 lakhs in the case of a company and rupees 50,000 in the case of an officer.

Conclusion

As we have witnessed so far, the audit of the NBFCs is of crucial importance to check whether they are following the norms set by the Reserve Bank of India, which is the central regulating authority for banks in India. We have laws regulating NBFCs, but there is a need for some very specific laws regarding the internal audits of the NBFCs in India. For example, more specifications are needed for the penalties that can be imposed, etc.

FAQs