NBFC RBI Inspection Preparation — Compliance Audit Checklist 2026
RBI conducts annual inspections of NBFCs under DNBR. Common findings include KYC gaps, FPC violations, CIMS errors, and board policy lapses. MICS prepares NBFCs for inspection with a mock audit and gap report.
MICS Team··6 min read
NBFC RBI Inspection Preparation — Compliance Audit Checklist 2026
RBI's Department of Non-Banking Regulation (DNBR) conducts annual or biennial inspections of registered NBFCs. The inspection covers the previous year's operations — board governance, financial compliance, customer protection, KYC, CIMS reporting, and operational practices. NBFCs that are not prepared face inspection observations that become the basis for regulatory action, cancellation of Certificate of Registration, or adverse remarks that affect future fundraising.
MICS conducts a comprehensive mock RBI inspection to identify and remediate gaps before the real inspection arrives.
#
What RBI Inspects
1. Board and Governance
- Board meeting frequency: minimum 4 board meetings per year
- Committee structure: Audit Committee, NRC, Risk Management Committee (for larger NBFCs)
- Board composition: independent directors as per regulations
- Board minutes: quality of discussions — does the board actually review compliance metrics?
- Board-approved policies: FPC, KYC, Data Privacy, Grievance Redressal — adopted and reviewed annually
- Related party transactions: disclosed and approved per Companies Act
2. Capital Adequacy
- Net Owned Fund (NOF): minimum Rs. 10 crore for non-deposit taking NBFCs
- Capital to Risk-Weighted Assets Ratio (CRAR): minimum 15%
- Leverage ratio: borrowings vs. owned funds
3. Asset Quality
- NPA classification: correct identification of Standard / Sub-Standard / Doubtful / Loss
- Provisioning: adequate provision as per RBI prudential norms
- Income recognition: interest on NPA accounts — stopped at NPA date
- Concentration: single borrower and group borrower limits
4. KYC Compliance
- CDD (Customer Due Diligence): complete KYC for all customers
- Periodic KYC refresh: risk-based update (high-risk customers annually)
- CKYC uploads: new borrowers uploaded to CERSAI
- V-CIP compliance: if digital onboarding, V-CIP requirements met
- KYC audit log: who conducted KYC, when, and what was verified
5. Digital Lending Compliance
- KFS issued for every loan
- APR disclosed
- Cooling-off period available
- Collection practices: call time, authorised agents, recorded calls
- No collection by unauthorised third parties
- LSP (Lending Service Provider) agreements: documented
6. CIMS Reporting
- All monthly returns filed on time
- Data quality: PAN correctness, DPD accuracy, outstanding amount accuracy
- Reconciliation with internal books
7. Grievance Redressal
- Complaint register: all complaints logged with status
- Resolution TAT: within 30 days
- Nodal Officer: name published on website
- Quarterly grievance report to board
- RBI Ombudsman escalations: handled correctly
8. Interest Rate and Charge Policy
- Interest rate communicated in APR
- Penal charges: only on overdue amount, not entire outstanding
- No pre-payment penalty on floating rate individual loans
- Processing fee: refund policy disclosed
9. Fair Practices Code
- FPC published on website
- No harassment complaints without resolution
- Collection staff training records
- Call recording available for 90 days
10. DPDP Act Compliance (from 2025)
- Data inventory
- Consent records
- Data retention policy
- Breach response plan
#
MICS RBI Inspection Preparation Service
Step 1: Pre-Inspection Mock Audit (2 weeks)
- MICS compliance team reviews NBFC against all inspection parameters
- Document review: all board policies, KYC files, CIMS submissions, grievance register
- System review: MICS software reports — NPA classification accuracy, CIMS data quality
- Interview: key personnel (Compliance Officer, CFO) on operational practices
- Finding report: all gaps rated by severity (Critical, High, Medium, Low)
Step 2: Remediation Support (4-8 weeks)
- Critical gaps: address immediately before inspection
- Board resolution: backdating not acceptable — fresh resolutions where needed
- CIMS resubmission: if historical CIMS data has errors, coordinate correction
- Policy update: if board policies are outdated, MICS provides updated drafts
- Staff training: if collection or KYC staff training records are missing, conduct and document
Step 3: Inspection Support
- Data room preparation: organised folder structure for all documents inspectors will request
- Data pull readiness: MICS system queries ready for common inspector requests (top 50 exposures, NPA list, collection call logs)
- Compliance officer coaching: what to say, what to flag, what to prepare for
#
Common Findings MICS Has Corrected Pre-Inspection
- CIMS data with DPD misclassification (6 months of corrected resubmissions)
- Board policies not reviewed in 3+ years (fresh board resolutions)
- KYC documents missing for 15% of borrowers (physical collection drive)
- Collection calls recorded but not retrievable (audio archive system implemented)
- FPC not published on website (website update + board minute confirming)
- Nodal Officer contact not published (website compliance widget)
#
Pricing
- Mock RBI inspection audit: Rs. 50,000 (includes gap report and remediation roadmap)
- Remediation support: Rs. 25,000/month during remediation period
- Inspection data room setup: Rs. 15,000 one-time
Book a pre-inspection audit: +91 9355273535 | admin@mics.asia
RBI InspectionNBFCCompliance AuditDNBRRegulatory
Need Help Implementing This?
Talk to MICS experts — free 30-min consultation, no commitment.