Bankpulse
HomeSearchLatestCo-pilotRankingsCrosswalkHistoryWithdrawnDashboardsMethodologyGlossaryCircularsAskChangelogReviewsAbout
HomeCirculars › RBI/2022-23/24

RBI Mandates Compliance Function & CCO for NBFC-UL and NBFC-ML

Live · in forceNo withdrawal recorded as of 19 Jun 2026. Reviewed by Vikram Jain; always verify against the official RBI source below.
⏱ ~2 min read
Quick answerRBI requires Upper and Middle Layer NBFCs to set up an independent Compliance Function and appoint a Chief Compliance Officer (CCO) by April 1, 2023 (UL) and October 1, 2023 (ML). Base Layer NBFCs remain under existing rules. A board-approved policy is mandatory.

What changed

RBI has introduced a formal framework for Compliance Function and CCO roles specifically for NBFCs in the Upper and Middle Layers, as part of the Scale Based Regulation (SBR) announced in October 2021. Base Layer NBFCs are excluded from this new mandate and continue under earlier guidelines. The framework sets minimum standards for compliance risk management, board oversight, and annual risk assessments.

What it means for you

NBFC-UL and NBFC-ML must now treat compliance as a core governance function with a dedicated CCO reporting to the board. This elevates compliance risk to the same level as credit and operational risks. Lenders should expect stricter adherence to regulatory norms, market conduct, and customer fairness standards. Non-compliance could lead to reputational and financial penalties.

What you must do

Who it affects

NBFCs in Upper Layer (NBFC-UL), NBFCs in Middle Layer (NBFC-ML), Board of Directors and Senior Management of these NBFCs, Chief Compliance Officers (CCOs) to be appointed

Does this circular apply to all NBFCs?

No, it applies only to NBFCs in the Upper Layer (UL) and Middle Layer (ML). Base Layer NBFCs continue under existing guidelines.

What is the deadline for compliance?

NBFC-UL must comply by April 1, 2023, and NBFC-ML by October 1, 2023.

What are the key responsibilities of the Compliance Function?

It must assist the board in implementing the Compliance Policy, identify compliance risks in products/processes, and ensure adherence to all statutory and regulatory requirements.

Track this rule
⏳ How this rule evolved — History Map →Full RBI rulebook crosswalk →
Official source: RBI/2022-23/24 on rbi.org.in ↗
AI-drafted · 3-model AI consensus fact-check · under the editorial review of Vikram Jain · published · 19 Jun 2026, 09:46 IST
Official RBI source: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12290&Mode=0 — Plain-English summary by BankPulse (bankpulse.ai), reviewed by Vikram Jain. Independent platform, not affiliated with the Reserve Bank of India; never reproduces RBI text verbatim.