An Overview of NBFC Compliance Audit

NBFC Compliance Audit means a thorough examination of the operations, activities and financial transactions of the NBFCs to ensure that they comply with the regulatory and legal requirements imposed by the RBI and relevant financial authorities. NBFCs are those financial institutions that provide banking services without having a banking license. The audit is conducted by understanding the regulatory framework and guidelines applicable to NBFCs. These regulations include RBI guidelines, the Companies Act, the NBFC Prudential Norms, Anti-Money Laundering and Know Your Customer (KYC) requirements, etc. Before conducting an audit, an audit plan is developed, which outlines the scope, objectives and audit methodology. It also defines the timeline for the audit. The NBFC Compliance Audit focuses on NBFC’s compliance with norms such as capital adequacy, income recognition, asset classification and provisioning. The audit evaluates the quality of assets held by the NBFCs, including non-performing assets (NPAs) and the adequacy of provisions made for bad loans.

What is the need for an NBFC Compliance Audit?

Protect Your Reputation

Non-compliance can damage your reputation, whereas compliance builds a positive reputation and helps you gain the trust of customers and investors. Customers and investors tend to trust a company that follows the rules and regulations set by the RBI.

Ensures Business Continuity

Business continuity can be ensured by complying with RBI regulations. Non-compliance may lead to revocation of your business license and, in turn, result in the closure of your business. Compliance helps in avoiding such situations and ensures the continuity of business.

Scope of Work

We manage NBFC post-reg compliance, including external agency registration & monthly reports. Entities register with CIC, FIU, IU, CKYC, & CERSAI. As a Reporting Entity in India, NBFCs, licensed by RBI, join 4 CIC companies & report activities by each month's 15th. Enterslice offers registration & routine NBFC reporting as per RBI schedules.


Essential Requirement of NBFC Compliance Audit

Registration and Licensing

The initial step for compliance is to ensure registration with the RBI. For this, you require a Certificate of Registration (CoR), as specified by the RBI. NBFC compliance also requires you to maintain reports, fulfil prudential norms, and maintain a minimum Net Owned Fund (NOF).

Data protection

Data protection is embedded as a key component of NBFC compliance. It ensures that customer data is fully protected and secured. The relevant law centres around the Personal Data Protection Bill of 2019, which specifies the security measures to be incorporated to avoid data mishandling or breaches.

Capital Adequacy

Capital adequacy in NBFC compliance acts as an assurance given by the business that it can withstand financial shocks or losses. The minimum ratio governed by the rule is 15%. Failure to maintain it can have repercussions, such as revocation of the licence.


Know-Your-Customer and Anti-Money Laundering requirements constitute a part of NBFC compliance. Within this, you need to identify the customers and keep proper records and reports in case of any suspicious activity. Failure to do so can result in severe penalties. In conclusion, compliance is not an option but a must-have for NBFCs.

Need for NBFC Compliance Audit

1. Regulatory Compliance

Various regulatory guidelines and directives are imposed on NBFCs by regulatory bodies like the Reserve Bank of India or other relevant authorities. Audits conducted regularly ensure that the NBFC complies with the regulations, thereby reducing the risk of legal & regulatory penalties.

2. Risk Management

NBFCs are exposed to various financial and operational risks. An audit helps identify and assess these risks, enabling the management to implement effective risk management strategies. It includes assessing credit, market, liquidity, and operational risks.

3. Stakeholder Confidence

Regular audits build and maintain stakeholder confidence. Shareholders, investors and creditors often rely on audited financial statements to make informed decisions. A clean audit report can enhance the NBFC's credibility in the stakeholders' eyes.

4. Internal Control Assessment

Audits evaluate the effectiveness of internal controls within the NBFC. This includes examining the processes, procedures and systems in place to safeguard assets, ensure accurate financial reporting and comply with applicable laws and regulations.

What are the types of NBFC Compliance Audits?

Process Audit

Such an audit is conducted to verify whether the processes in the companies are following the predetermined instructions provided by the Governing bodies. The main objective behind conducting this type of audit is to ensure that no company process involves any activity that does not adhere to these rules.

Product Audit

Such an audit is done for any specific product or service. Auditing the product or service may include hardware, processes, material, or software. This type of audit ensures that they conform to the specifications, performance standards, or customer requirements.

System Audit

Such an audit is conducted at the management level to ensure that a properly developed system is in place and that everything is sound and in line with the specified requirements.

Who is authorised to conduct the NBFC Compliance Audit?

NBFC Compliance Audit is conducted by an eligible person appointed by the company's management. The audit is led by the Chief Audit Executive, who reports to the Audit Committee of the Board of Directors with the reporting of the Chief Audit Officer. As per the guidelines of RBI, a CA conducts the Statutory Audit under the Companies Act 2013. It is a type of audit performed by qualified auditors who work as external auditors and independent parties. Enterslice is a consultancy and advisory firm that provides a wide range of services, including conducting compliance audits for NBFCs. Enterslice conducts a comprehensive compliance audit to assess if the NBFC is adhering to regulatory requirements set by RBI and other relevant authorities. We review capital adequacy, asset classification, income recognition and various prudential norms. We assess the NBFC's adherence to AML and KYC regulations, which involves reviewing customer onboarding processes, transaction monitoring and compliance with AML/KYC guidelines. We evaluate the internal control system within the NBFC to ensure that they are effective in identifying and mitigating operational, financial and compliance risks. NBFC Compliance Audit also focuses on assessing the quality of assets within the NBFC's portfolio, especially in terms of non-performing assets, provisioning and loan classification. We also ensure that the NBFC follows proper asset classification norms and risk management practices.


Key Steps and Aspects Involved in NBFC Compliance Audit

  • The audit starts with understanding the regulatory framework and guidelines applicable to NBFCs. The regulations include RBI guidelines, the Companies Act, the NBFC Prudential Norms, Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements, etc.
  • An audit plan outlines the scope, objectives and methodology. It also defines the timeline for the audit.
  • To assess whether the regulatory requirements are adhered to, the auditor examines the NBFC’s records and documents, including financial statements, loan agreements, customer data and compliance records.
  • The audit verifies whether the NBFC complies with prudential norms such as capital adequacy, income recognition, asset classification and provisioning.
  • The audit assesses the quality of assets the NBFC holds, including non-performing assets and the adequacy of provisions made for bad loans.
  • The auditor assesses the NBFC’s liquidity management practices and its ability to meet short-term and long-term obligations.
  • The audit reviews the NBFC's risk management policies and procedures, including credit, market, and operational risks.
  • The audit assesses the governance structure, internal control mechanisms and the effectiveness of the board and management in ensuring compliance with regulations.
  • The NBFC's anti-money laundering and customer due diligence practices are examined in the audit process to ensure they are in line with regulatory requirements.
  • The last stage is preparing an audit report highlighting the findings, areas of non-compliance and recommendations for corrective actions. The report is usually shared with the management and regulatory authorities.
  • After the audit, the NBFC is expected to address any identified issues, rectify non-compliance and implement the auditor’s recommendations.

NBFC Management by Enterslice

Enterslice reviews the IT Infrastructure and cybersecurity measures to assess the security and integrity of digital data and systems and data privacy compliance. We provide services to review changes in the NBFC’s business model or expansion into new areas of operations to assess their impact on compliance and risk management. We review all regulatory compliance aspects to ensure that the NBFC complies with various regulations, guidelines and circulars issued by the RBI and other relevant authorities. We assess the NBFC’s management of operational risks, including those related to internal processes, systems and human resources. Enterslice reviews the governance structure and ethical practices within the NBFC to ensure compliance with corporate governance and ethical standards.


ESG Compliance in NBFC

With the increasing emphasis on ESG factors, Enterslice also assesses the NBFC's compliance with ESG principles and evaluates its responsible business practices. We specifically examine the NBFC's income recognition and asset classification practices, ensuring they adhere to accounting standards and regulatory guidelines. We review the paperwork and reporting processes of the NBFC, ensuring that records and reports are maintained in compliance with the regulatory requirements. We provide compliance training and workshops to NBFC staff to enhance their understanding of regulatory requirements and best practices.

NBFC Compliance Audit Services For Startups



Our NBFC Compliance Audit Services provide cost-effective solutions for startups looking to manage their NBFC with the help of experts.


Expert Guidance

You will be assigned a dedicated NBFC Compliance Audit Partner who will provide expert guidance and support to help you make informed decisions.



We provide flexible packages that can be tailored to meet your specific needs and business goals.


Customer Due Diligence (CDD)

KYC Procedures

The assessment of KYC procedures is important while conducting a compliance audit for an NBFC. Under this procedure, the verification of the customer's identity is checked by reviewing the identification documents used for customer verification and confirming the accuracy and legitimacy of customer information. Risk levels associated with different customer segments and the adequacy of risk-based approaches in KYC procedures are also assessed. The method used to verify customer identity is examined, and compliance with regulatory requirements regarding the verification process is confirmed.

Customer Identification and Verification

The audit of the Customer Identification and Verification process is important while conducting an NBFC compliance audit. In this process, it is verified that the NBFC collects and maintains appropriate identification documents from customers. Compliance with the list of acceptable identification documents as per regulatory guidelines is ensured. The mechanism for assigning unique identifiers to customers is assessed. It is confirmed that unique identifiers are consistently and accurately assigned.

AML Compliance

The comprehensiveness of AML policies and procedures is assessed. It is verified that the policies are documented, updated and communicated effectively. The NBFC's risk assessment process for money laundering and terrorist financing is evaluated, including whether the risk assessment is conducted periodically and in a comprehensive manner. The NBFC's methodology for categorising customers based on risk is assessed. The procedures for conducting enhanced due diligence on high-risk customers are evaluated. Compliance with the regulatory requirements for Enhanced Due Diligence (EDD) is confirmed. The effectiveness of procedures for identifying and verifying Politically Exposed Persons (PEPs) is assessed. Enhanced scrutiny applied to relationships involving PEPs is confirmed.

Functions of NBFC Compliance Audit

Regulatory Compliance Assessment

In the Regulatory Compliance Assessment, compliance with all applicable laws, regulations & guidelines set forth by the regulatory authorities such as RBI and other relevant bodies is evaluated and ensured.

Risk Identification and Management

The risk associated with the NBFC's operations, including credit risk, market risk, liquidity, operational risk and compliance risk, is identified and assessed. Risk Mitigation strategies are also proposed.

Customer Protection and Due Diligence

Under this, the NBFC’s procedures for customer due diligence are reviewed and verified to ensure the accurate identification and verification of customers. Compliance with anti-money laundering and other customer protection regulations is ensured.

Financial Reporting Accuracy

Financial statements and reporting practices are examined to ensure accuracy and compliance with accounting standards. The financial disclosures should be transparent and complete. Policies and practices related to paperwork and record-keeping are examined to ensure that necessary records are maintained accurately and securely.

What are the Challenges involved in conducting an NBFC Compliance Audit?

Evolving Regulatory Landscape

The evolving regulatory landscape is a significant challenge in conducting an NBFC Compliance Audit. Frequent changes and updates occur in financial regulations, making it challenging to stay updated with the latest compliance requirements. Regulatory authorities introduce entirely new regulations or guidelines affecting various aspects of NBFC operations. Auditors are responsible for monitoring and adapting to these changes continually.

Diverse Regulatory Requirements

Due to diverse regulatory requirements, conducting an NBFC audit can be challenging. NBFCs may be subject to a combination of national, regional and international regulations. Different regulators, such as the RBI, SEBI, etc., regulate various aspects of an NBFC’s operations. Auditors are responsible for understanding and navigating these diverse sets of regulations.

Specialised Knowledge

Due to the unique nature of these financial institutions and the complex regulatory environment, NBFC compliance audit requires auditors to possess specialised knowledge and expertise. NBFCs operate in a specialised financial sector, and auditors need in-depth knowledge of the specific regulations and industry practices to assess compliance effectively. A strong grasp of the KYC and AML regulations is crucial for assessing an NBFC's compliance with these requirements.

Data Privacy and Security

As NBFCs handle sensitive customer financial data, protecting this information becomes important. Auditors are responsible for carefully handling sensitive financial and customer data, as data privacy and security are significant concerns, and ensuring data protection and confidentiality can sometimes be a challenge. Auditors review the NBFC's data handling practices to ensure customer data is collected and processed in compliance with data privacy regulations. This includes assessing data retention, access controls, encryption, and transfer mechanisms.

Complex Financial Transactions

NBFCs often engage in a variety of financial transactions and products, some of which are intricate and require a specialised understanding. NBFCs often use structured products, securitisation and derivative contracts to engage in complex financial transactions. Auditors must have the expertise to understand and evaluate these transactions for compliance. If an NBFC is involved in securitisation transactions, auditors need to assess the adherence to securitisation guidelines, including credit enhancements, legal structures and compliance with the SARFAESI Act. Auditors should also evaluate the compliance of investment products, such as mutual funds or alternative investment funds, with regulations and investor protection requirements.


Rapid Growth and Business Model Changes

Rapid growth and business model changes pose a significant challenge for conducting a compliance audit. If an NBFC experiences rapid expansion or undergoes significant changes in its business model, auditors need to adapt their audit approach to address these challenges. A few NBFCs undergo rapid growth or may diversify their business models. Auditors must adapt to these changes and ensure the audit scope covers all new activities.


NBFC Compliance Audit Services provided by Enterslice


Initial Consultation

The audit process starts with an initial consultation between Enterslice and the NBFC client. At this stage, the audit's scope, objectives and specific requirements are discussed and defined. In this process, we meet with the key members of the NBFC's management to discuss the audit. Together, we discuss the primary objective of the audit. It may include a general assessment of compliance with regulatory requirements. In this discussion, the scope of the audit is defined, which includes specifying compliance areas to be audited, the time period under consideration and the extent of the audit. In this consultation, we provide an overview of the relevant regulatory requirements and guidelines, which serve as a foundation for the audit. We discuss the audit plan and outline the audit methodology, procedures, timelines and resource requirements. The process of collecting data and paperwork is discussed. We seek certain records and information from the NBFC to facilitate the audit process. We explain how we assess the risks in the audit. We discuss the importance of maintaining confidentiality and data privacy during the audit process. We also ensure that sensitive information is handled with care and as per the legal and ethical standards. In our initial consultation, we agree on the timeline for the audit, including key milestones, deadlines and the expected completion date for the audit report.


Audit Planning

Enterslice formulates an audit plan that outlines the audit scope, objectives, timelines and the specific regulatory and compliance areas that will be reviewed. We define the specific objectives of the audit in a manner that aligns with the purpose of the audit, such as assessing compliance with regulatory requirements, identifying areas of non-compliance and providing recommendations for improvement. We specify the areas, functions or processes within the NBFC that will be audited. It includes AML/KYC compliance, capital adequacy, asset quality, governance and other relevant aspects. We conduct thorough risk assessments to identify high-risk areas that require more extensive audit procedures. We consider both operational and compliance-related risks that may impact the NBFC's compliance with regulatory requirements. We develop an audit methodology outlining the procedures and techniques to be used during the audit. We provide details of the specific audit procedures to be employed to assess compliance. The procedures include reviewing paperwork, testing controls, conducting interviews and analysing financial statements and records.


Risk Assessment

Risk Assessment involves identifying, evaluating and prioritising risks that may affect the NBFC's compliance with regulatory requirements. Enterslice conducts a risk assessment to identify high-risk areas and determine where audit resources should be focused. It helps prioritise audit activities. We begin by deeply understanding the regulatory framework governing the NBFCs. It includes regulations, guidelines, circulars and directives issued by the RBI and other relevant regulatory authorities. We stay updated with the recent regulatory changes, amendments and updates that may impact the NBFC's compliance requirements. It includes capital adequacy norms, asset classification, liquidity management, AML/KYC regulations and other relevant rules. We conduct preliminary assessments to identify areas of potential compliance risk. We consider factors such as the NBFC's business model, size, complexity and the specific regulatory requirements that apply to it.

Audit Procedures

Audit procedures in an NBFC compliance audit involve systematic examination of data, paperwork, and internal controls to assess the NBFC's adherence to regulatory requirements and identify any non-compliance issues. Enterslice has a team of auditors with expertise in conducting a wide range of audit procedures, including reviewing financial statements, assessing loan portfolios, examining AML and KYC practices and evaluating internal controls. We conduct compliance testing to verify the NBFC’s adherence to regulatory requirements. It includes reviewing loan portfolios to ensure proper asset classification and provisioning, evaluating the NBFC’s capital adequacy and assessing liquidity risk. We examine relevant paperwork, including financial statements, loan agreements, customer files, policies, procedures and internal reports. We ensure that these documents are accurate and complete. We verify the adequacy of customer due diligence, transaction monitoring and suspicious transaction reporting. We evaluate the effectiveness of the internal controls in place to ensure compliance with regulatory requirements. It includes controls related to risk management, data accuracy and financial reporting. We utilise data analysis to analyse large datasets, identify anomalies and assess compliance. We also conduct interviews with the NBFC staff to gather information and insights into the compliance process. We also seek clarifications and explanations for any discrepancies or non-compliance issues identified.


Frequently Asked Questions

An NBFC audit means that an NBFC is compliant with the rules and regulations mentioned in the RBI Act.

The compliance that NBFCs have to go through includes maintenance of records, returns and filings under the Prevention of Money Laundering Act, 2002, Prevention of Money Laundering (Maintenance of Records) Rules, 2005 and RBI Guidelines on Fair Practices Code for NBFCs, among others.

An NBFC Audit covers the following:

  • Governance Norms of NBFC;
  • Internal Audit
  • Check Non-Performing Assets;
  • Details and Validity of Securities;
  • Listing of the Group Companies and Subsidiaries
  • Compliance with Indian Accounting Standards
  • Legal Compliance; and
  • Any other compliance with respect to NBFC

The main aim of a statutory audit is to ensure that the company provides a fair and accurate representation of its activities by evaluating the bank balances, bookkeeping records, financial transactions, etc.

Yes, it is mandatory to carry out an NBFC Audit.

The Circular dated 27 April 2021 on 'Guidelines for Appointment of Statutory Central Auditors (SCAs)/Statutory Auditors (SAs) of Commercial Banks (excluding RRBs), UCBs and NBFCs (including HFCs)' has been issued by RBI with the basic objective of putting in place ownership-neutral regulations, ensuring independence of auditors, avoiding conflict of interest in auditors' appointments and improving the quality and standards of audit in RBI Regulated Entities.

Audits in NBFC are conducted by an eligible person appointed by the management of the company. A Chief Audit Executive generally leads it.

As per the RBI Compliance Circular, 'The Compliance Function shall ensure strict observance of all statutory and regulatory requirements for the NBFC, including standards of market conduct, managing conflict of interest, treating customers fairly and ensuring the suitability of customer service.'

There are three types of NBFC Audit, they are:

  • Process Audit
  • Product Audit
  • System Audit

The annual compliances of NBFCs are:

  • Undiscovered March Return/NBS-7 Return
  • Statutory Auditors Certificate of Income and Assets
  • Details of companies with FDI or Foreign Funds
  • Inspected Return for March /NBS-7
  • The audited file of annual balance and P&L Account
  • Reconciliation of a Public Deposit Rejection
  • Announcement of Auditors to Annual Audit Company

The checklist of NBFC Due Diligence includes registration with the RBI, FIU-Ind, Statutory Auditor’s report, maintaining a statutory reserve of 20%, KYC documents, legal agreements, etc.

NBFC shall appoint SAs from a firm that satisfies the eligibility norms each year and the approval of ACB and the Board.

Conversely, a compliance audit is a secretarial audit; a statutory audit is a legally mandated examination of the correctness of a company's or government's financial accounts and records.

A monetary penalty of INR 2 lakh for non-compliance with the directions issued by the RBI.

NBFCs are regulated by the Reserve Bank of India (RBI) & the Central Bank of India. The RBI has the authority to issue licenses to NBFCs, regulate their operations and ensure that they adhere to the established norms and regulations.

Risk Management Review

The audit conducted by auditors at Enterslice includes an assessment of the NBFC’s risk management practices, covering operational, credit, liquidity and market risk management. We define clear audit objectives related to risk management and establish the scope of review, specifying the areas, functions and regulations that pertain to risk management within the NBFC. We evaluate the NBFC's risk management framework, including its risk governance structure, policies, and procedures. We also ensure that the risk management framework complies with regulatory guidelines and is effectively implemented. We review the NBFC's risk identification and assessment processes. We also examine how the NBFC identifies and quantifies various types of risks, including credit, market, liquidity, operational, and compliance risks. We also assess NBFC's risk monitoring and reporting practices. We ensure that the NBFC has mechanisms to monitor risk exposures, limits, and indicators. We evaluate the accuracy and timeliness of risk reporting to management and regulatory authorities.

Compliance Training

Compliance Training is an integral part of an NBFC. It plays a key role in ensuring that the NBFC's employees understand their regulatory responsibilities, the relevant laws and rules, regulations and the company's internal policies and procedures. We offer compliance training and guidance to the NBFC's staff to enhance their understanding of regulatory requirements and best practices. Effective compliance training helps prevent compliance issues, promotes a culture of regulatory adherence and reduces the risk of regulatory violation.
