India's risk-based internal audit requirement for NBFCs is credit positive: Moody's
Feb 08, 2021
Singapore, February 8 : The Reserve Bank of India (RBI) guidelines for non-banking finance companies (NBFCs) to implement a risk-based internal audit framework in line with banks is credit positive, Moody's Investors Service said on Monday.
The framework requires an NBFC's internal audit function to assess risks independently of its existing risk-management functions. The new guidelines will apply to all deposit-taking NBFCs or NBFCs with assets of more than Rs 50,000 crore as of March 31, 2022.
"The requirement is credit positive because it adds another layer of risk monitoring and improves the companies' resilience to unexpected shocks," said Moody's in its latest credit outlook.
The framework's application to the largest NBFCs reflects the RBI's ongoing efforts to strengthen and harmonise regulatory norms between NBFCs and banks. The NBFC sector has been increasingly important to credit growth in India.
NBFCs' total balance sheet more than doubled to Rs 49 lakh crore in 2020 from around Rs 20 lakh crore in 2015. At the same time, banks' exposures to NBFCs have also increased. According to RBI data, 8.5 per cent of gross bank credit was to NBFCs as of December 2020 compared with 4.8 per cent in December 2016.
Banks have traditionally been subject to stricter regulations and risk controls than NBFCs, creating regulatory arbitrage for NBFCs, even though they provide similar financial services. As a result, the RBI is gradually tightening supervision of the largest NBFCs to avoid systemic spillovers.
Over the past year, the RBI introduced dividend distribution policies for NBFCs, harmonised guidelines on the appointment of statutory auditors between banks and NBFCs, incentivised large NBFCs to convert to banks and proposed a scale-based approach to regulating NBFCs.
Moody's said the latest requirement will improve overall corporate governance and risk management framework for large and significant NBFCs.
The guidelines require NBFCs' internal audit functions to increase their focus on anticipating potential risks and mitigants as opposed to only testing the accuracy and reliability of financial records and adhering to legal requirements as currently.
They stipulate that the risk-based internal audit function should undertake an independent risk assessment to identify business risk and evaluate the effectiveness of risk control systems.
"The function will need to prepare a risk matrix, giving senior management and key stakeholders a comprehensive review for corrective measures," said Moody's.