RBI Compliance Checklist: What Your NBFC Needs Before the Next Audit

RBI inspections for NBFCs are thorough. Inspectors look for specific records — and the absence of any one can result in findings, penalties, or restrictions. This checklist covers the areas examiners focus on most.

KYC Records: Every customer must have a completed KYC file — Aadhaar, PAN, address proof, photo. The records must be current (renewed per RBI KYC norms). A digital platform should give you searchable KYC status per customer in seconds.

Loan Sanctioning Process: Inspectors look for evidence that credit assessment was done before disbursement — credit score pull, income verification, LTV calculation. This must be logged, not just asserted.

Maker-Checker Controls: Any sensitive transaction — disbursement, waiver, write-off — must show evidence of dual control. A second staff member must have reviewed and approved it. This should be a system control, not a manual policy.

Fair Practices Code (FPC): Your loan application, sanction letter, and customer communication must reflect the interest rate, all fees, and repayment terms clearly. Inspectors compare what the customer was told against what was charged.

DPD Classification and NPA Provisioning: Your portfolio must be classified correctly — Standard, Sub-Standard (NPA > 90 DPD), Doubtful, Loss. Provisioning requirements differ by bucket. This should be automated, not done in Excel the night before.

Audit Log: Every action on a loan record — update, override, approval, rejection — must be logged with the user ID, timestamp, and IP address. This cannot be reconstructed retroactively.

A digital lending platform that logs everything immutably, enforces maker-checker, and generates RBI-format reports is not a luxury — it is the infrastructure required to operate safely at scale.