Kinnari Sanghvi & Divyanshu Sharma – [2024] 166 taxmann.com 610 (Article)
Pursuant to the Master Directions on Fraud Risk Management in Non-Banking Financial Companies dated July 15, 2024 (“Directions”), the Reserve Bank of India (“RBI”) recently amended and consolidated the fraud risk management and reporting obligations of non-banking finance companies (“NBFCs”) (including housing finance companies). The Directions are applicable to NBFCs in the upper, middle, and base layer (with an asset size of INR 5 billion and above, as per the audited balance sheet as on March 31 of the immediately preceding financial year), respectively (“Applicable NBFCs”). Such layers relate to the existing scale-based regulatory framework for regulating NBFCs (“SBR Framework”) based on their size, activity, and perceived risk. The Directions superseded the Master Direction – Monitoring of Frauds in NBFCs (Reserve Bank) Directions, 2016 (“2016 Master Direction”) and repealed three previous circulars dated June 6, 2022, July 1, 2022, and October 3, 2022, respectively.
By introducing a new comprehensive regime for Applicable NBFCs pursuant to the Directions, the RBI’s aim is to ensure the prevention, early detection, and timely reporting of fraud. Several significant and focused changes have been introduced which will require Applicable NBFCs to revamp their existing policies, governance and board structures.
1. Significant Addition to Fraud Risk Management
Inspired by the 2023 judgement of the Supreme Court of India in State Bank of India v. Rajesh Agarwal [2023] 148 taxmann.com 425, an appeal which stemmed from challenges to the Master Directions on Frauds, the RBI has now mandated the observance of principles of natural justice before any entity/person is classified as fraudulent. In particular, the Supreme Court had held that for the purpose of preventing arbitrariness, the rule of audi alteram partem (i.e., each party is entitled to a fair hearing and must be given an opportunity to respond to evidence against them)must be read into regulatory directions on fraud.
2. Prevention
2.1 Governance structure
The Directions require Applicable NBFCs to set up an appropriate organizational structure for institutionalizing fraud risk management within their overall risk management functions and/or departments.
Applicable NBFCs are also required to put in place a transparent mechanism to ensure that whistleblower complaints on possible fraud cases and/or suspicious activities are examined and concluded appropriately under their respective whistleblower policies.
2.2 Board-approved policy
Each Applicable NBFC needs to put in place a policy on fraud risk management (“Policy”), which must be approved and reviewed by its board of directors at least once in three years, or oftener if prescribed by the board. Among other things, the Policy should:
- outline the roles and responsibilities of the Applicable NBFC’s board/board committees and senior management;
- incorporate measures for ensuring compliance with principles of natural justice in a time-bound manner;
- contain measures towards prevention, early detection, investigation, staff accountability and monitoring, as well as with respect to the recovery, analysis and reporting of fraud.
Further, the Policy should, at a minimum, provide for the issuance of a detailed show cause notice (“SCN”) to those persons (including third-party service providers and professionals), entities and their promoters/whole-time and executive directors against whom an allegation of fraud is being examined. The accused persons/entities must be given at least 21 days to respond to the SCN, and their responses/submissions should be examined by the Applicable NBFC pursuant to a well-established system before declaring them as fraudulent. A reasoned order conveying such decision is also required to be served upon the persons/entities concerned, including the facts and circumstances relied upon.
2.3 Special board committee for monitoring and follow-up of fraud cases or committee of the executives
Applicable NBFCs must constitute a special board committee for the monitoring and follow-up of fraud cases (“SCBMF”). An SCBMF must be headed by an independent director and consist of at least three board members comprising the chief executive officer (or the managing director where the chief executive officer is not a whole-time director) and two independent directors.
Pursuant to the SBR Framework, Applicable NBFCs which are categorized in the middle or base layer, will have the option of constituting a Committee of the Executives (“CoE”) with a minimum of three members, at least one of whom must be a whole-time director or an official of equivalent rank for the purpose of performing the required roles and responsibilities of SCBMFs.
The SCBMF/CoE of each Applicable NBFC will be responsible for overseeing the effectiveness of fraud risk management. In this regard, the SCBMF/CoE should also conduct root cause analysis and suggest mitigation measures for strengthening the internal controls and risk management framework of the Applicable NBFC, as well as minimize the incidence of frauds.
Click Here To Read The Full Article
The post [Opinion] Fraud Risk Management Obligations of NBFCs | Recent Changes Introduced by the RBI appeared first on Taxmann Blog.