fbpx +91-9427557733/44

Audit Requirements for NBFC

Audit Requirements for NBFC

NBFCs have to operate as per regulatory guidelines, maintain financial records, and follow risk management practices and all these will be ensured by conducting audit of NBFCs . Various forms of audits were mandated by Regulatory authorities including statutory audits, internal audits, and compliance reviews to safeguard the interests of stakeholders and maintain financial stability.

Audit is one of the key function that ensures transparency.

Reserve Bank of India (RBI) and the Ministry of Corporate Affairs (MCA) under the Companies Act, 2013 governed audit requirements for NBFCs (Non-Banking Financial Companies).

A Non-Banking Financial Company (NBFC) is a company registered under the Companies Act, 2013 which is engaged in the business of loans and advances, acquisition of shares or securities, leasing, insurance business, or other financial activities, but does not hold a banking license.

NBFCs are regulated by the Reserve Bank of India under the provisions of the Reserve Bank of India Act, 1934.

NBFCs play a significant role in

  • Providing finance to MSME
  • Ensure funding for Infrastructure
  • Microfinance
  • Consumer loans
  • Financing of Vehicle and asset
  • Providing housing finance

Legal & Regulatory Framework Governing NBFC Audits

  • Reserve Bank of India Act, 1934: RBI has issued several guidelines for NBFC and provides the statutory basis for RBI regulation of NBFCs.
  • Companies Act, 2013: NBFCs have to comply with various provisions which is stated under the Companies Act 2013 related to statutory audit, auditor appointment, reporting standards, and corporate governance norms.
  • Master Directions for NBFCs: Reserve Bank of India issue Master direction for governing NBFCs audit which includes:
    • Prudential norms
    • Income Recognition & Asset Classification (IRAC)
    • Capital adequacy
    • Governance
    • Fair Practices Code
    • IT framework
  • Accounting Standards:
    • Larger NBFCs follow Indian Accounting Standards (Ind AS)
    • Other NBFCs follow Accounting Standards (AS)

Types of Audits Applicable to NBFCs

  1. Statutory Audit

As per the Companies Act, 2013 an annual  statutory  audit  have to be conducted by  every NBFC.

Key Features of statutory audit are:

  • Shareholders of the company appoints the Auditor in their general meeting  
  • Rotation of auditors are done  as per law
  • Statutory audit ensure Reporting under CARO (Companies Auditor’s Report Order)
  • It make sure that Reporting on internal financial controls has been done fairly .

The statutory auditor must additionally certify:

  • Compliance with RBI Directions
  • Income recognition practices
  • Asset classification
  • Provisioning norms
  • Capital Adequacy Ratio (CRAR)
  • Net Owned Funds (NOF)

2. Internal Audit

NBFCs have to implement a strong internal audit system, specially NBFC-D (Deposit Taking) and NBFC-ND-SI (Systemically Important). The Audit Committee of the Board oversees internal audit findings.

Scope of conducting internal audit are:

  • The process of Loan sanctioning has been reviewed effectively.
  • It ensures the accuracy of NPA classification
  • It helps in compliances of KYC/AML
  • A strong internal audit system leads to adherence of Policies. 
  • It helps in mitigating Operational risk assessment
  • Branch audits (if applicable) 

3. Tax Audit

When the company crosses the prescribed turnover or financial threshold limits then Tax audit becomes applicable under Section 44AB of the Income Tax Act, 1961. The tax audit report shall be submitted by auditor in Form 3CA/3CB and Form 3CD.

Objectives of Tax audit are :

  • Proper maintenance of books of accounts
  • It ensures that tax calculation were accurate
  • Tax audits helps in Compliance with provisions of income tax
  • Correct reporting of income and deductions.

4. RBI Compliance Audit

NBFCs must comply various regulatory guidelines were issued by Reserve Bank of India (RBI) . Non-compliance can lead to heavy penalties or cancellation of NBFC registration.

Key Areas of RBI Compliance Audit are :

  • Capital Adequacy Ratio (CAR)
  • Requirement of Net Owned Fund (NOF)
  • Exposure limits
  • Asset classification norms
  • Provisioning for bad loans
  • Corporate governance standards.

5. Information System (IS) Audit

An Information System Audit (IS Audit)evaluates the Information Technology (IT) environment of the NBFC.

NBFCs rely heavily on technology platforms and digital lending systems due to digitalization, Information System (IS) Audit helps in protecting sensitive financial data and provide security in digital operations.

Key Areas Covered in IS Audit:

  • IT security systems
  • Data protection mechanisms
  • Cybersecurity control
  • Software reliability
  • System backup and disaster recovery

6. Concurrent Audit

Concurrent audits are particularly useful for large NBFCs with multiple branches. This audit focuses on real-time transaction verification that’s why it is conducted throughout the financial year, instead of annually.

Objectives of Concurrent Audit are:

  • Early detection of irregularities
  • Monitoring high-value transactions
  • Verification of loan documentation
  • Checking compliance with credit policies

RBI Reporting Framework

NBFCs must regularly file various returns with RBI. Auditors verify the correctness of these filings. Failure to file can lead to regulatory action from RBI.

Common RBI Returns Filed by NBFCs are:

  • Annual return on financial indicators
  • Prudential norms compliance reports
  • NPA reporting
  • Statutory auditor certificates.

Consequences of Non-Compliance with NBFC Audit Requirements

NBFCs have to maintain strong audit systems and compliance frameworks, in case they fail to failure to comply then it can result in the following Possible Penalties:

  • Heavy monetary penalties
  • It leads to restriction of lending operations .
  • It leads to Suspension of activities of NBFC
  • It will lead to cancellation of RBI registration
  • Legal proceedings against directors

Best Practices for NBFC Audit Compliance

NBFCs should adopt the following practices for ensuring the effective compliance:

  • Maintain proper documentation and records
  • Implement strong internal control systems
  • Conduct periodic internal audits
  • Ensure timely regulatory filings
  • Regularly review RBI circulars and updates.

Conclusion

Audit requirements for NBFCs play an important role in maintaining financial transparency and regulatory compliance. Companies must adopt strong governance practices, internal controls, and proactive audit approach to remain compliant. A well-structured audit system builds trust among investors, regulators, and customers.

CS Deepa Sharma

Author is a associate member of the Institute of Company Secretaries of India (ICSI) and apart from that she holds LLB degree and Master in Commerce degree from Rajasthan University. She is having over 5 years of experience as a Practicing Company Secretary. She is well versed with all the matters related to Company Law and ROC matters, RERA , statutory reporting, Compliance Report and Corporate Governance. She is having good exposure in maintaining secretarial records as prescribed under Companies Act, 2013.


All author posts
You May Also Like
March 7, 2026|BY akshay BiwalNBFC vs. Banks in India: Key Differences

NBFC vs. Banks in India: Key Differences The financial system of India consists of various...

June 1, 2024|BY adminWHOLLY OWNED SUBSIDIARY COMPANY

WHOLLY OWNED SUBSIDIARY COMPANY A wholly owned subsidiary is a company that is entirely owned...

October 7, 2023|BY CS Deepa SharmaWhat is Dormant Company?

What is Dormant Company? As per under Section 455 of the Companies Act, 2013. A dormant...

Write a comment