What is a Non-Banking Financial Company or NBFC?
According to Section 45 (I) (f) read with Section 45-I (c) of the RBI Act, 1934 as amended in 1997 - Non-Banking Financial Company or NBFC is an institution whose principal business is of receiving deposits or that of a financial institution such as lending, investment in securities, hire purchase finance or equipment leasing. As specified in December 6, 2006 of RBI circular the companies financing real or financial assets for productive or economic activity will be classified as Asset Finance Company. The remaining companies are classified as loan/investment companies. The following are the types of NBFCs:
- Asset Finance Company;
- Investment Company; and
- Loan Company.
NBFCs, or Non- Banking Financial Companies are an important part of the Indian economy. These entities play an essential role in equipment leasing, hire-purchase, and making loans and investments. The Reserve Bank of India Act, 1934, through Chapter III B entrusts the regulation and supervision with the Reserve Bank of India with the following listed objectives:
- Ensuring a healthy growth of the financial companies.
- To make sure that the NBFC companies function as a part of the financial system within the specified framework and policy. The existence and functioning of the NBFC Company don’t lead to systematic aberrations.
- To maintain the surveillance quality and supervision that the Banks exercise over the NBFCs. This can be done by keeping track of the developments in this sector of the financial system.
- The Reserve Bank also issued directions to the Companies regarding the acceptance of public deposits, prudential norms like capital adequacy, income recognition, asset classification, provisions for bad and doubtful debt, exposure norms, and other measures to monitor the financial solvency reporting to RBI. NBFC Audit is also made mandatory and directions were also issued to the auditors regarding the same. The auditors have to report non-compliance to the RBI.
What are the Types of NBFC Audit?
There are three different types of audits, as per the ISO 19011:2018 standards that are listed below:
Process Audit: This type of audit is conducted to verify whether the processes in the companies are following the predetermined instructions provided by the Governing bodies. Also, the primary objective of performing this type of NBFC audit is to ensure that any company process does not involve any activity that does not adhere to these rules.
Product Audit: This type of NBFC audit is done for any specific product or service. The auditing of the product or service includes or may include hardware, processed material, or software. This audit is performed to ensure that they conform to the specifications, performance standards, or the customer requirements.
System Audit: This type of NBFC audit is conducted on the management level. It is conducted to ensure a proper developed system and whether everything is useful and in conjunction with the specified requirements.
Who is authorized to Conduct NBFC Audit?
NBFC Audit is conducted by an eligible person appointed by the management of the company. It is lead by the Chief Audit Executive (CAE) who then further reports to the Audit Committee of the Board of Directors with the reporting of the Chief Audit Officer.
As per the guidelines of RBI, a CA conducts the Statutory Audit under the Companies Act, 2013. It is a type of audit performed by the qualified auditors who works as an external auditor and independent parties.
Components of NBFC Audit
The necessary steps involved in conducting NBFC Audit are as follows:
Classification of the Company
The first step in carrying out the NBFC Audit is to go through the Memorandum of Association (MOA) and Articles of Association (AOA) of the Company. The auditor may also inspect the minutes of the Board or Committee Meetings and also discuss with the people at the apex level to bring clarity and a better understanding of the principal functions of the company.
Based on the classification of the company into a loan company or Investment Company, it is accordingly needed to comply with the provisions related to acceptance of deposits as contained in the NBFC Public Deposit Directions for NBFC Audit.
Evaluation of the Internal Control System
It is the management's responsibility to maintain an adequate accounting system incorporating various controls based on the size and nature of the business. An auditor must understand the accounting system and the related internal controls adopted by the NBFC to determine the nature, timing and extent of audit procedures. While performing NBFC Audit, the auditor must also check the effectiveness of the recovery system and periodic review of the advances in place, which will facilitate monitoring and effective follow-up.
Compliance with Net Owned Fund
Recently RBI has made some changes for obtaining a Certificate of Registration for commencing a business under Section 45-IA of the RBI Act. (Notification No. DOR.CRE.060.CGM (MM), 17th March, 2022). It is now necessary for all the NBFCs to have a minimum net-owned fund of Rs. ten crores from 01 October 2022(Currently two crore). However, it is to be noted that all existing NBFCs holding a certificate of registration as of October 22, 2021, have a net owned fund of less than Rs. Ten crores shall have Net Owned Funds of Rs. Ten crores as per the following glide path:
By March 31, 2025
By March 31, 2027
NBFC-ICC (Investment and Credit Company)
Rs. 5 crore
Rs. 10 crore
NBFC-MFI (Micro Finance Institution)
Rs. 7 crore
Rs. 10 crore
NBFC-MFI in the North Eastern Region of the Country
Rs. 5 crore
Rs. 10 crore
Rs. 7 crore
Rs. 10 crore
The auditor then obtains a copy of the Certificate of Registration of the company to ensure that the company is not functioning without the certificate. If the company has applied to obtain the Certificate of Registration, the auditor needs to get a copy of the application for the same for NBFC Audit.
NBFC Directions regarding Public Deposits (Non-Banking Financial Companies Acceptance of Public Deposits (Reserve Bank) Directions, 2016)
The auditor should determine if the NBFC is a loan company, an investment company, or a hire purchase finance company or an equipment leasing company. If the NBFC does not lay in any of the classifications, it is the auditor's duty to classify the type of the company to make sure they comply with the related regulations.
The ceiling on the quantum of deposits is decided per the credit rating given by the approved credit rating agency. NBFC will have to reduce its public deposits within a specified time frame, when decline in credit rating is noticed. Every non-banking financial company accepting or holding public deposit shall submit an audited balance sheet to RBI on the last date of each financial year.
NBFC Prudential Norms Directions
The auditor for NBFC Audit checks the company's compliance with the required prudential norms based on their income source such as from investments, accounting standards, asset classification, accounting for investments, prohibition of grant in loan against own shares, provisioning for bad/doubtful debts, capital adequacy norms, etc.
Reporting of Internal Financial Controls
The Internal Financial Controls is defined under the Section 134 of the Companies Act 2013, provides for the practices and procedures adopted by the company for efficient conduct of its business operations, including adherence to the company's bylaws, safeguarding measures for its assets, vigilance over frauds, preparation of documents related to financial reporting, maintenance of accounting records.
An audit committee of Non-Banking Financial Company shall evaluate the Internal Financial Controls and risk management systems. An auditor shall report about the adequacy of the internal financial controls of an NBFC.
ICFR is applicable to all listed and public unlisted companies including small and one-person companies.
For strengthening Internal Financial Controls:
- Documentation of Risk matrix & revision of controls
- Testing of controls (Phased Testing)
- Planning & recommendations
- Mitigation of control weaknesses
- Implementation of Revised control framework
- Management of Internal Financial Control
Appointment of Auditors for NBFC
As per the RBI Circular (Notification no. DoS.CO.ARG/SEC.01/08.91.001/2021-22); The appointment of statutory central auditors/statutory auditors of commercial banks, UCBs and NBFCs (including Housing Finance Companies) would be applicable for the financial year 2021-22 and onwards. NBFCs are not required to take prior approval of RBI for appointment of Statutory Central Auditors /Statutory Auditors; whereas it is mandated for all NBFCs to inform RBI by way Form A (certificate) within one month of such appointment for each year.
What are the Key Audit Areas in NBFC Audit?
Many points are included in the Auditor's Report that differs in the type of activity that the NBFCs are indulged in. Some of the critical inclusions to be mentioned in an Auditor's report are as follow:
- Physical verification of all the shares or securities held by the company.
- NBFC prudential norms fixed or not.
- Verifying that the NBFC has not advances any loan against their respective shares.
- If there is any window dressing which means any new loan is passed to repay an existing loan.
- Check the Board’s Minutes with regard to any purchase and sale of investments.
- To ascertain whether the requirements needed in AS 13 “Accounting for Investment” has been compiled by the NBFC.
- Check the classification of NBFC’s loans and advances into Standard Assets, Sub- Standard Assets, Doubtful Assets, and Loss Assets and provision related to doubtful and bad assets are mandated by the NBFC Prudential Norms.
- To obtain all the balance confirmation of the respective parties.
- Check whether the NBFC has invested or lent the mentioned limits to a single borrower.
- Also, confirming whether the NBFC follows up on loans and advances and has a proper appraisal.
- To verify that the payment for acquiring any asset has been directly made to the supplier and the original invoice has also been drawn out in the name of NBFC.
- To confirm if the hire purchase is made against the vehicles, then the registration certificate must contain an endorsement in favour of the hire purchase company.
- Confirming the insurance of the assets given on hire purchase.
- Dividend income on shares and units of Mutual funds recognised on cash basis
- In respect of securities/ shares held through a depository, a confirmation from the depository must be obtained.
- Also ascertaining that the NBFC has got a proper appraisal system for extending the leasing of equipment and finance generated through it.
- Verify that the lease agreement made with the lessee related to the equipment given on lease.
- An auditor is required to report as per the CARO (Companies (Auditor Report) Order), 2020.
What is an Auditor’s Report in terms of NBFC Audit?
The Reserve Bank of India stimulates the auditor’s report under the auditor’s direction as per Section 45MA of the RBI Act, 1934.The RBI guidelines applies to auditors of all the registered and non-registered NBFCs whether they are accepting deposits or not.
- The Auditor first of all creates a report and submits it to the Board of Directors of the Company. The report made by auditor is as per Section 143 of the Companies Act, 2013.
- The contents provided in an Auditor’s report are different in various cases such as the certificate of Registration obtained from the Banks etc.
- The audit is conducted once at the end of every financial year.
- The auditor’s report regarding NBFC Audit must include the reason for all the unfavourable or qualified statement’s given by the auditor on the contents of the report and also submit a separate report to the Board of Directors of the Company.
- The Auditor’s Report regarding the NBFC Audit must be submitted to the Regional Office of the NBFCs at the end of financial year. This must be done within one month from the date of finalizing of the Balance Sheet and should not be later than 30th December of that year.
What are Statutory Audits and Internal Audits with respect to NBFC Audit?
This type of Audit is mandatory for all companies registered under the Companies Act .The purpose of this type of NBFC Audit is almost the same as internal audits. The statutory auditor prepares a report after auditing the Book of Accounts of the Company in a prescribed format.
The main aim behind conducting of a Statutory Audit is to ensure whether the company is providing a fair and accurate representation of its activities by evaluating the bank balances, bookkeeping records, financial transactions, etc.
Internal audit is the process to evaluate the internal control systems of the company, corporate governance and the processing of the accounts. The main purpose of internal audit is to identify the problems and also find solutions before any inspection is done. It helps in detecting any issues within the internal systems of the company, and ultimately improves operational efficiency.
Internal audits are important because it assists in identifying the problems in the functioning of the company and also solves them. It improves the effectiveness of governance, control, and risk management process. By conducting an internal audit, an organization can avoid penalties that might be imposed on them otherwise. However, performing an internal audit is not mandatory, unlike the Statutory Audit. But, it is done to check every function and other aspects that might be caught by a Statutory Auditor and the company might become liable for the penalty. As per RBI guidelines, the internal audit function should not be outsourced; however, experts can be hired on a contractual basis including former employees if experts are not available internally.
Framework for Compliance Function and Role of Chief Compliance Officer
In an annual review, a NBFC shall carry out compliance risk assessment in order to identify the major compliance risks faced by them and make a plan to mitigate the risks. The report must cover the progress in implementations of recommendations given by RBI inspection reports and various audits (RBI Notification no. DoS.CO.PPG./SEC.01/11.01.005/2022-23- April 11, 2022). Compliance Function shall be subject to regular internal audit, whereas Compliance risk shall be included in the risk assessment framework of the Internal Audit Function.
How can Enterslice Help You?
- Fill the Form
- Get a Callback
- Submit Document
- Track Progress
- Get Deliverables