SBR · May 2026 · 12 min read

RBI Scale-Based Regulation — Complete Compliance Guide for Middle and Upper Layer NBFCs

RBI is actively reviewing the SBR framework amid growing concerns about NBFC-bank interconnectedness and rising unsecured credit. Middle Layer and Upper Layer NBFCs face the most demanding compliance obligations in the sector — and the review is likely to tighten them further.

The Four-Layer Structure — Where You Sit and What It Means

| Layer | Criteria | Asset Share | Key Trigger |
|---|---|---|---|
| Base Layer (NBFC-BL) | Non-deposit NBFCs, assets < ₹1,000Cr; P2P; Account Aggregators | 5.2% | Asset growth past ₹1,000Cr triggers ML classification |
| Middle Layer (NBFC-ML) | All deposit-taking NBFCs; non-deposit NBFCs ≥ ₹1,000Cr; HFCs; CICs; IFCs; SPDs | 64.6% | RBI identification / group asset threshold |
| Upper Layer (NBFC-UL) | Top 10 eligible NBFCs by asset size + RBI-identified systemic entities | 30.2% | Annual RBI scoring and identification |
| Top Layer (NBFC-TL) | Extreme systemic risk — ideally empty | 0% | RBI discretionary classification from UL |

Middle Layer — The Six Non-Negotiable Compliance Obligations

1. Chief Compliance Officer (CCO)

NBFC-ML must have a designated CCO at the senior management level — reporting directly to the MD/CEO, with a dotted line to the Board Audit Committee. The CCO cannot be a shared role. RBI inspections specifically test the independence and seniority of the CCO.

2. Internal Capital Adequacy Assessment Process (ICAAP)

NBFC-ML must maintain an ICAAP framework — a Board-approved internal assessment of capital adequacy covering all material risks: credit, market, operational, liquidity, and concentration. ICAAP must be reviewed annually and stress-tested.

3. Large Exposure Framework

Single counterparty exposure must not exceed 25% of Tier 1 capital. Group exposure must not exceed 40% of Tier 1 capital. Large exposures must be monitored in real time and reported to RBI in the prescribed format.

4. Compensation Policy for KMPs

Board-approved compensation policy for Key Managerial Persons and senior management is mandatory for NBFC-ML (excluding government-owned entities). Policy must link variable pay to risk-adjusted performance and include claw-back provisions.

5. Core Financial Services Solution (CFSS)

NBFC-ML entities with assets above ₹500Cr must implement a Core Financial Services Solution — a technology infrastructure equivalent to core banking. This addresses concerns about system fragmentation and data integrity in larger NBFCs.

6. 90-Day NPA Norm

The 90-day NPA norm already applied to all NBFC-ML entities before the glide path that Base Layer NBFCs are now meeting. NBFC-ML must also maintain standard asset provisioning at 0.40% and have Board-approved provisioning policies with no deviation.

Upper Layer — What Changes at the Top

NBFC-UL entities face all NBFC-ML obligations plus enhanced supervisory engagement. RBI identifies Upper Layer NBFCs annually through a scoring methodology that considers asset size, interconnectedness with the banking system, nature and complexity of liabilities, and group structure. Being placed in the Upper Layer is not permanent — entities can move out if their risk profile changes.

The most significant additional obligation for NBFC-UL is the expectation of near bank-like governance — including more intensive RBI supervisory reviews, enhanced capital requirements including Common Equity Tier 1, leverage ratio monitoring, and more granular regulatory reporting.

What the SBR Review Means for Compliance Planning

RBI initiated a review of the SBR framework in late 2025, driven by concerns about the growing systemic role of NBFCs and rising interconnectedness with banks. The review is expected to tighten concentration risk norms, enhance reporting requirements, and potentially revisit the layer classification criteria. NBFC-ML and NBFC-UL entities should be building compliance frameworks that exceed current minimum requirements — because the minimums are moving.
