Over the past year, there has been a noticeable focus from the RBI and MCA on anti-money laundering (AML) and risk assessments. The RBI, recognized for its advanced AML practices, has been emphasizing its role in inspecting NBFCs (Non-Banking Financial Companies) for compliance. This has led to the imposition of penalties on companies that fail to assess risk profiles properly, especially when they don’t gather adequate information about applicants’ employment or residential details.

RBI’s AML Focus for NBFCs:

  • The RBI has highlighted the importance of AML compliance for NBFCs, with a strong emphasis on Know Your Customer (KYC) procedures.
  • NBFCs must ensure proper assessment of customer risk profiles and monitor transactions for suspicious activities.
  • Key gaps in AML compliance have been identified, such as inadequate customer identification systems and insufficient monitoring of suspicious transactions. It is vital for NBFCs to track unusual behaviors, such as a third party paying a loan on behalf of the borrower. Regular reviews, proper training, and dedicated monitoring systems are crucial.

Training and Guidance on Compliance:

  • There is a noticeable gap in available training for AML and KYC processes.
  • Training should be focused on the four pillars of AML: customer identification, customer acceptance, risk management, and transaction monitoring.
  • The RBI has issued a guidance note to help NBFCs conduct proper AML/CFT (Countering Financing of Terrorism) assessments.
  • A significant opportunity exists to offer training on these four pillars, and quarterly sessions are essential for compliance.

Additionally, the RBI has released new guidance on internal risk assessments for money laundering and terrorist financing, which aligns with international Basel norms. This guidance now provides clearer frameworks for auditing risk assessments and performing compliance checks on NBFCs.

Looking ahead, the RBI is turning its attention to data security, data governance, risk management frameworks, and data quality. The introduction of the Centralised Information Management System (CIMS) for reporting will allow the RBI to evaluate the quality of business data and returns.

Moreover, the RBI is working on regulations to standardize interest rates in digital lending and prevent multiple inquiries from credit bureaus that may harm credit scores. This will have a significant impact on digital lending platforms that aggregate loan offers from various NBFCs.

The RBI is also addressing concerns regarding connected lending and securitization, focusing on ensuring that loans are not given to related parties inappropriately. Updated guidelines for securitization will enable stressed assets to be transferred to asset reconstruction companies (ARCs), and special purpose vehicles (SPVs) will be used to collect loans from investors.

Finally, the RBI is increasing its scrutiny of NBFCs’ consumer protection practices. They are now assessing whether companies adhere to fair practices, and complaint management systems have been established for better monitoring. Consumer protection is becoming a more heavily regulated area, with actions being circulated to ensure compliance with fair lending practices.

Upcoming Regulations:

  • Focus on data security and information governance, along with analysis of data quality in returns filed on the CIMS portal.
  • Increased inspection collaboration with the MCA to gain insights into NBFCs.
  • Draft regulations for digital lending platforms aim to prevent practices that negatively affect credit scores due to multiple loan offers.
  • Revisions are being made to ensure fair interest rates, penalty charges, and consumer protection.
  • Changes are also being made to board composition and director changes in NBFCs, along with new regulations for connected lending and securitization.
  • Development of consumer protection matrices to monitor how NBFCs treat their customers.