NBFC Corporate Governance 2025
Most people who start an NBFC spend enormous energy on getting the licence. Very few spend the same energy on what comes after. Governance is exactly that gap and in November 2025, the Reserve Bank of India permanently closed it.
The RBI issued the Non-Banking Financial Companies Governance Directions 2025 on 28 November 2025. For the first time in the history of NBFC regulation in India, governance has its own dedicated, standalone framework. It is no longer buried inside a master direction or spread across multiple circulars. These directions apply to Base Layer, Middle Layer, and Upper Layer NBFCs under the Scale Based Regulation framework. The obligations scale with size, but no registered NBFC is entirely outside their reach.
What changed is not just the paperwork. The RBI issued its first enforcement action specifically tied to governance non-compliance in March 2026. The message is clear: governance is now a supervisory priority, not a soft expectation.
RBI Enforcement Update: March 2026
The RBI penalised an NBFC in March 2026 for disbursing the entire variable compensation of its senior management as a single upfront payment, a direct violation of the mandatory deferral norms under the Governance Directions 2025. This was not a loan book or capital adequacy penalty. It was a board-room decision that attracted regulatory action. This signals a fundamental shift in how the RBI supervises NBFCs today.
What Is Different About the 2025 Governance Directions
Before November 2025, NBFC governance norms were fragmented. Some rules lived inside the Scale Based Regulation Master Directions. Others existed as standalone circulars. The result was confusion, inconsistent implementation, and gaps that weak governance structures quietly exploited.
The Governance Directions 2025 bring everything under one roof and add entirely new obligations. Independent directors are now restricted from sitting on more than three Middle or Upper Layer NBFC boards at the same time. The Chairperson and the CEO or Managing Director cannot be the same person in Middle and Upper Layer companies. If an NBFC wants to replace more than 30 percent of its board at once, it needs prior written approval from the RBI. These are precise, enforceable rules with consequences attached.
Board Composition: What the RBI Actually Expects
The Board of Directors is the starting point of all governance. The Governance Directions 2025 lay down clear requirements for who can sit on an NBFC board and what they must bring to the table.
At least one director must have direct experience of working in a bank or an NBFC. This is not optional and applies to all layers. For Middle and Upper Layer NBFCs, at least one-third of the board must be independent directors. Every director must satisfy the fit and proper criteria, which the NBFC must verify not only at the time of appointment but continuously throughout their tenure.
What does fit and proper mean in practice? It means clean credit history, no fraud convictions, no unresolved defaults with financial institutions, and no conflict of interest that would compromise their independence. The RBI supervisory team cross-checks director profiles during every inspection. A director who does not meet the standard is not a minor compliance gap. It is a governance failure that triggers regulatory direction.
Key Rule: Board Reconstitution Needs RBI Approval
If your NBFC plans to change more than 30 percent of its directors at the same time, whether due to investor requirements, promoter decisions, or internal restructuring, prior written approval from the RBI is mandatory under the Governance Directions 2025. Acting without this approval is a direct violation.
The Three Board Committees Every NBFC Must Understand
Middle Layer and Upper Layer NBFCs must form three specific board committees. These are not optional structures. Each committee has defined membership requirements, a specific mandate, and accountability to the RBI.
Audit Committee of the Board: Oversees financial reporting, internal audit outcomes, and statutory audit quality. The Chief Internal Auditor must report directly to this committee and not to the CEO or CFO. This reporting line is what gives the audit function its independence. Without it, management can suppress findings that reflect poorly on their own decisions.
Nomination and Remuneration Committee: Responsible for evaluating the fit and proper status of directors and Key Managerial Personnel and for framing the compensation policy. Variable pay must be genuinely at risk. It cannot be guaranteed, and it cannot be paid entirely upfront.
Risk Management Committee: Supervises the risk architecture of the entire organisation. For NBFCs with assets above Rs. 5,000 crore, a dedicated Chief Risk Officer is mandatory and must have voting rights in credit sanction committees. Every member of that committee, including the CRO, carries individual and joint liability for risk assessments.
Compensation Governance: The Rules Most NBFCs Are Getting Wrong
The compensation provisions in the Governance Directions 2025 apply to Middle and Upper Layer NBFCs and are among the most specific requirements in the entire framework. Senior management pay must be structured to reflect long-term risk outcomes, not just short-term revenue numbers.
Deferral, Malus, and Clawback Explained
A significant portion of variable compensation for senior KMPs must be deferred over multiple years. The deferral percentage increases with seniority and risk responsibility. Two recovery mechanisms now apply.
Malus allows the NBFC to reduce or cancel unvested deferred pay if it is established that the individual's performance contributed to poor financial outcomes or regulatory breaches during the deferral period. Clawback goes further. It allows the company to recover compensation that has already been paid, if fraud, misconduct, or deliberate financial misreporting is discovered afterwards. Both provisions must appear in the individual's employment contract, not just in the HR policy document. A policy reference without a contract clause is not enforceable and does not satisfy the RBI requirement.
Chief Compliance Officer: Independent by Design
Every Middle Layer and Upper Layer NBFC must appoint a Chief Compliance Officer. The CCO must be senior enough in the organisation to carry genuine authority. A compliance function led by someone who can be overruled by the sales team or the lending head is not a compliance function at all.
The CCO must operate entirely independently from business and operations. They must have a direct reporting line to the Board, not to the CEO. The Governance Directions 2025 make this independence a structural requirement. The purpose is to create a compliance culture that is not hostage to business targets. During RBI supervisory visits, the CCO's function is one of the first things inspectors examine. A CCO who reports to the CEO is flagged immediately as a governance deficiency.
What RBI Inspectors Actually Check in 2026
Supervisory inspections in 2025 and 2026 have moved beyond balance sheets and NPA ratios. The RBI now assesses governance quality as a standalone supervisory dimension. Inspectors examine whether committees are actually meeting, whether audit findings are being acted upon, whether the CCO and CRO have real independence, and whether compensation structures comply with deferral norms.
| Governance Area | Deficiency Flagged | RBI Action |
|---|---|---|
| Board Composition | No director with banking or NBFC experience | Direction to reconstitute board |
| Audit Committee | Internal auditor reporting to CEO | Immediate restructuring order |
| CRO Appointment | CRO role merged with CFO function | Direction to separate roles |
| KMP Compensation | Full variable pay disbursed upfront | Monetary penalty under RBI Act |
| CCO Independence | CCO reporting to business head | Adverse supervisory rating |
The distinction between a smooth inspection and a difficult one now depends significantly on how well governance is actually practised, not just documented. Policies on paper without functioning structures behind them create exactly the kind of risk the RBI is trying to eliminate.
Conclusion
NBFC corporate governance in 2026 is a regulatory priority with real enforcement teeth. The Governance Directions 2025 give every NBFC a clear and detailed map of what is required. The March 2026 penalty action confirmed that the RBI is reading that map alongside you and checking whether your organisation is following it.
Getting governance right is not only about avoiding penalties. A well-governed NBFC attracts better credit ratings, stronger investor confidence, and lower borrowing costs. It builds the institutional trust that determines whether a lending organisation survives a rough credit cycle. The board room decisions you make today are the risk outcomes your borrowers and lenders will experience tomorrow.
Next Step for Your NBFC
Conduct a gap analysis against the Governance Directions 2025 before your next RBI supervisory cycle. Prioritise board reconstitution, committee formation, CCO appointment, and KMP contract updates with enforceable malus and clawback clauses. Working with a qualified NBFC compliance specialist reduces implementation risk and ensures you are inspection-ready.
Blog Summary
The RBI's NBFC Governance Directions 2025, notified on 28 November 2025, introduced India's first standalone governance framework for NBFCs, replacing scattered provisions across multiple master directions. Key obligations include fit and proper board composition with mandatory independent directors for Middle and Upper Layer NBFCs, three functioning board committees covering audit, nomination and remuneration, and risk management, appointment of a Chief Compliance Officer and Chief Risk Officer, and KMP compensation structures with mandatory deferral along with enforceable malus and clawback clauses in individual contracts. The RBI issued its first governance-specific penalty in March 2026. Governance quality is now an independent supervisory dimension examined during every RBI inspection.
Frequently Asked Questions
Q1. Do Base Layer NBFCs have any obligations under the Governance Directions 2025?
Yes. Base Layer NBFCs must comply with Chapter III of the Governance Directions 2025. This includes having a board-approved fit and proper policy for directors, ensuring at least one director has prior experience in a bank or NBFC, and maintaining basic governance standards. The more demanding requirements around board committees, the Chief Compliance Officer, and compensation governance apply from the Middle Layer upward. However, Base Layer NBFCs should not treat Chapter III as a formality. The fit and proper verification requirement is ongoing, not a one-time check at appointment.
Q2. What exactly must be in an NBFC's KMP employment contract to comply with the compensation rules?
Under the Governance Directions 2025, every KMP employment contract in a Middle or Upper Layer NBFC must contain two specific provisions. First, a malus clause giving the company the contractual right to reduce or cancel unvested deferred variable pay if the KMP's role contributed to poor financial outcomes or regulatory violations. Second, a clawback clause giving the company the right to recover variable pay already disbursed if fraud, misconduct, or deliberate financial misreporting is subsequently discovered. Mentioning malus and clawback in the HR policy alone is not sufficient. The RBI requires these provisions to be embedded directly in the employment agreement as enforceable contractual terms.
Q3. Can the same person serve as both Chairperson and Managing Director in an NBFC?
No, not in Middle Layer or Upper Layer NBFCs. The Governance Directions 2025 explicitly prohibit the same individual from holding both the Chairperson position and the Managing Director or CEO role in these categories. The separation of these two roles is a fundamental governance requirement designed to ensure that the board exercises genuine oversight over management, rather than having management effectively oversee itself. For Base Layer NBFCs the prohibition does not apply under the current framework, but as the NBFC grows and crosses into the Middle Layer, the roles must be separated before the classification takes effect.