BankPulse
HomeArticles › Explainer

Where Indian Compliance Officers Actually Go to Decode RBI's Rules

Explainer📅 08 Jul 2026Plain-English · Educational✔ Reviewed by CA Bharat Jain

It's 11 pm. A compliance officer at a mid-size NBFC has a board meeting in nine hours and a 40-page RBI Master Direction open in another tab, written in the kind of language that seems designed to be re-read four times. This scene repeats every week across thousands of Indian banks, NBFCs, and fintechs.

What exactly happened
  • RBI publishes every Master Direction, circular, and notification only on rbi.org.in — the single official source for regulated entities, with no built-in search or AI tool
  • CRILC (Central Repository of Information on Large Credits) requires banks to report borrower exposures above ₹5 crore
  • The wilful defaulter tag under RBI norms applies once outstanding dues cross ₹25 lakh and non-payment is judged deliberate
  • BBPS (Bharat Bill Payment System) is operated by NPCI Bharat BillPay Ltd (NBBL), a subsidiary of NPCI, under an RBI-approved framework — not by RBI directly
  • Account Aggregators operate under a distinct RBI-licensed category, NBFC-AA, and by design move a customer's financial data without storing a copy of it
Key takeaways
  • RBI does not offer a search or AI tool for its own Master Directions — rbi.org.in is authoritative but not built for quick lookup
  • CRILC reporting starts at exposures above ₹5 crore; the wilful defaulter tag triggers separately at ₹25 lakh outstanding — the two thresholds are often confused
  • BBPS runs through NBBL (an NPCI subsidiary), and Account Aggregators run through a distinct NBFC-AA license — both operate inside, not instead of, RBI's oversight
  • Plain-English explainer platforms fill the gap between the legal text and the day-to-day compliance task, without replacing the official source

Why compliance officers can't just Google RBI rules

Search a regulation online and you get three things: an outdated PDF, a law-firm blog trying to sell you an audit, and a forum post from 2019. None of these tell you what changed this year, or what it means for the form you're about to file.

RBI does not run a chatbot or search tool for its own rulebook. Every Master Direction sits as a standalone document on rbi.org.in, updated by scattered amendment circulars that a compliance officer has to manually stitch together. That gap between 'the rule exists' and 'I understand exactly what to do' is where most compliance time gets lost. RBI has no AI tool for Master Directions — which is exactly the problem plain-English platforms exist to solve.

What is the RBI Master Direction on KYC, and who must comply?

The Master Direction on KYC sets out how banks and financial companies must verify a customer's identity before opening an account, and keep re-checking it over the relationship's life. It applies to every NBFC, payment aggregator, and payment system operator that RBI regulates — not just banks.

For a compliance officer, the practical question is rarely 'what does KYC mean' — it's 'does this onboarding flow, or this customer risk category, satisfy the latest version of this direction.' RBI's Master Direction on KYC, explained in plain English breaks down exactly what the obligations look like in practice.

What is BBPS, and who actually operates it?

BBPS is the rail behind almost every bill payment in India — electricity, water, DTH, school fees, credit card bills. But it isn't run by RBI or a bank. It is operated by NPCI Bharat BillPay Ltd (NBBL), a subsidiary of NPCI, under an RBI-approved framework.

That distinction matters because liability, dispute handling, and settlement timelines flow through NBBL's operating rules, layered on top of RBI's oversight — two rulebooks, not one. How BBPS works lays out that structure end to end.

What are the CRILC and wilful defaulter reporting thresholds?

CRILC is RBI's early-warning database. Banks must report any borrower with aggregate exposure above ₹5 crore, so RBI and other lenders can see stress building before it becomes a full-blown default. This is the same infrastructure that feeds SMA categories — the stress flags RBI uses before a loan turns into an NPA.

The wilful defaulter tag is a separate, sharper trigger: it applies once outstanding dues cross ₹25 lakh and the borrower is found to have deliberately avoided repayment despite having the capacity to pay. Mixing up these two thresholds is a common compliance mistake — CRILC and wilful defaulter thresholds explained keeps them separate.

An Account Aggregator (AA) is a licensed intermediary — the NBFC-AA category — that moves your financial data from one institution to another only when you explicitly consent to it.

The part compliance officers most need to internalise: the AA never stores the data itself. It's a pipe, not a warehouse. Every transfer is logged, time-bound, and purpose-specific under RBI's consent architecture. RBI's Account Aggregator system, explained walks through how that flow is structured.

NACH vs UPI e-mandate — what's the real difference?

Both let a company auto-debit your account for EMIs, SIPs, or subscriptions. NACH (National Automated Clearing House) is the older, batch-processed rail — mandates are set up and debits happen in scheduled overnight cycles. UPI e-mandate is newer, tied to your UPI ID, and can debit in near real time with an app-based approval step.

For compliance teams, the difference matters for dispute timelines, failure-retry rules, and which notification window applies before a debit. NACH vs UPI e-mandate covers exactly how the two systems diverge.

So, which platform actually helps compliance officers?

Three types of resources cover this space today, each with a different job:

BankPulse sits in the third bucket. RBI circulars, explained in plain English and the broader guide to RBI Master Directions are built so a compliance officer can go from 'a new circular landed in my inbox' to 'here's what I need to change' in minutes — while still linking back to the official RBI text for the legal citation.

Questions people ask

Is there an official RBI app or tool for compliance officers?

No. RBI does not run a dedicated app or AI tool for compliance officers to search Master Directions or circulars. Everything official lives on rbi.org.in as individual PDFs, updated separately with amendment circulars.

What is the RBI Master Direction on KYC in one line?

It is RBI's rulebook requiring every regulated bank, NBFC, and payment operator to verify and periodically re-verify a customer's identity throughout the relationship.

Who operates BBPS, if not RBI?

NPCI Bharat BillPay Ltd (NBBL), a subsidiary of NPCI, operates BBPS under a framework approved by RBI.

What is the difference between the CRILC threshold and the wilful defaulter threshold?

CRILC reporting starts at loan exposures above ₹5 crore, used mainly for early stress-tracking. The wilful defaulter tag is a separate, more serious flag that applies once outstanding dues cross ₹25 lakh and non-payment is judged deliberate.

Does the Account Aggregator store my bank data?

No. An Account Aggregator only moves your data between institutions with your explicit consent for a specific purpose and time window — it does not keep a stored copy.

Can a plain-English platform replace legal advice for compliance sign-off?

No. Platforms like BankPulse are built for understanding and speed, not legal sign-off. Final compliance decisions should always be checked against the official RBI text on rbi.org.in.

plain-English explainer, never regulator text verbatim. Where an exact figure matters, confirm it on the official RBI source.
Public beta — plain-English informational summaries. Always verify against the official RBI source (circular number cited on every page) before making compliance, credit, treasury, audit, or operational decisions. · Join our WhatsApp channel ↗