Practitioner analysis on RBI compliance, DPDPA, Digital Lending, CIC obligations, and BFSI regulatory developments.
The RBI's Digital Lending Guidelines have been in force since 2022. Yet most NBFCs still have significant gaps in LSP governance, FLDG structure, KFS implementation, and digital loan agreement requirements.
Read article →The Digital Personal Data Protection Act 2023 is now law. NBFCs that wait for the Rules before acting will not have enough time to build a compliant data processing framework.
Read article →CICRA 2005 and the 21 RBI circulars on credit information set out an intricate framework of obligations. Most compliance teams know only a fraction of them.
Read article →A complete regulatory corpus for Credit Information Companies spans 21 instruments — from primary legislation in 2005 through to Amendment Directions issued in January 2026. Most CICs are operating against an incomplete picture of their obligations.
Read article →RBI's Amendment Directions of December 2025 introduce a 4-reference-date credit reporting regime. Four major reforms come into force simultaneously on July 1, 2026. Every CI and CIC must be operationally ready.
Read article →From July 1, 2026, file-level DQI must be delivered within 3 calendar days. The weighted average DQI formula becomes mandatory. Poor DQI now has direct regulatory consequences via DAKSH.
Read article →Two instruments from November and December 2025 have fundamentally changed CIC reporting for ARCs. Membership of all four CICs, UCRF reporting, CKYC obligations, and July 2026 readiness — all now mandatory.
Read article →The ₹100/day compensation framework creates compounding liability for unresolved grievances. Combined with Internal Ombudsman Directions 2026 and RBIOS, consumer protection is now the most scrutinised CIC compliance dimension.
Read article →The 90-day NPA glide path is fully effective from March 2026 for Base Layer NBFCs. Most are still operating on 120-day practices. What changes, the provisioning impact, and what the Board must approve.
Read article →The DPDP Rules were notified November 2025. Phase 2 obligations — breach response, DPIAs, independent audits — are due by November 2026. A practical compliance roadmap for BFSI institutions.
Read article →RBI's January 2026 directions mandate Internal Ombudsman for qualifying NBFCs. Independence criteria, 7-year experience requirement, Board reporting, and what replaces the 2023 framework.
Read article →RBI is reviewing SBR amid concerns about NBFC-bank interconnectedness. Middle Layer (₹1,000Cr+) and Upper Layer obligations — CCO mandate, large exposure, ICAAP, compensation policy.
Read article →From January 2026, banks need explicit RBI authorisation for all digital channels. New governance standards, eligibility criteria, ring-fencing of core banking, and board-approved restructuring plans.
Read article →The 6-hour material cyber incident reporting window and mandatory CERT-In annual audit are the two requirements most NBFCs are least prepared for. What each covers and how to get ready.
Read article →RBI's April 2026 amendment creates a new category of NBFCs exempt from registration. CoR surrender window open till September 30, 2026 via PRAVAAH. Who qualifies and what the risks are.
Read article →The July 2025 KYC Master Direction update changes beneficial ownership thresholds, CKYC upload timelines, video KYC standards, and re-KYC periodicity — now intersecting with DPDPA consent requirements.
Read article →DPDPA requires separate, purpose-specific consent for every use of borrower data — bureau inquiry, bank statement analysis, CKYC, collection. What your LOS must be retrofitted to capture.
Read article →