Risk Management System – Appointment of Chief Risk Officer (CRO) for NBFCs

RBI/2018-19/184
DNBR (PD) CC. No.099/03.10.001/2018-19

May 16, 2019

Non-Banking Financial Company– Investment and Credit Companies, Infrastructure Finance Companies, 
Micro Finance Institutions, Factors and Infrastructure Debt Funds

Madam / Dear Sir,

Risk Management System – Appointment of Chief Risk Officer (CRO) for NBFCs

With the increasing role of NBFCs in direct credit intermediation, there is a need for NBFCs to augment risk management practices. While Boards of NBFCs should strive to follow best practices in risk management, it has been decided that NBFCs with asset size of more than Rs.50 billion shall appoint a CRO with clearly specified role and responsibilities. The CRO is required to function independently so as to ensure highest standards of risk management.

2. The NBFCs shall strictly adhere to the following instructions in this regard:

a) The CRO shall be a senior official in the hierarchy of an NBFC and shall possess adequate professional qualification/ experience in the area of risk management.

b) The CRO shall be appointed for a fixed tenure with the approval of the Board. The CRO can be transferred/ removed from his post before completion of the tenure only with the approval of the Board and such premature transfer/ removal shall be reported to the Department of Non-Banking Supervision of the regional office of the Bank under whose jurisdiction the NBFC is registered. In case the NBFC is listed, any change in incumbency of the CRO shall also be reported to the stock exchanges.

c) The Board shall put in place policies to safeguard the independence of the CRO. In this regard, the CRO shall have direct reporting lines to the MD & CEO/ Risk Management Committee (RMC) of the Board. In case the CRO reports to the MD & CEO, the RMC/ Board shall meet the CRO without the presence of the MD & CEO, at least on a quarterly basis. The CRO shall not have any reporting relationship with the business verticals of the NBFC and shall not be given any business targets. Further, there shall not be any ‘dual hatting’ i.e. the CRO shall not be given any other responsibility.

d) The CRO shall be involved in the process of identification, measurement and mitigation of risks. All credit products (retail or wholesale) shall be vetted by the CRO from the angle of inherent and control risks. The CRO’s role in deciding credit proposals shall be limited to being an advisor.

e) In NBFCs that follow committee approach in credit sanction process for high value proposals, if the CRO is one of the decision makers in the credit sanction process, the CRO shall have voting power and all members who are part of the credit sanction process, shall individually and severally be liable for all the aspects, including risk perspective related to the credit proposal.

3. Master Direction - Non-Banking Financial Company - Systemically Important Non-Deposit taking Company and Deposit taking Company (Reserve Bank) Directions, 2016 has been modified accordingly.

Yours faithfully,

(Manoranjan Mishra)
Chief General Manager