A consolidated calendar of recurring compliance obligations for an NBFC-ICC (Base Layer) running SME working-capital lending with co-lending. Verify each item’s current deadline on rbi.org.in annually — RBI changes return frequency and deadlines periodically.
| Activity | Owner | System |
|---|
| Asset classification (end-of-day SMA / NPA bucket update) | LMS / risk | LMS daily batch |
| NACH presentation + bounce file reconciliation | Operations | Mandate engine |
| Bank reconciliation (collection escrow, payout account) | Finance / ops | Recon module |
| Co-lending settlement (if daily settlement) | Co-lending ops | Co-lending engine |
| Audit log integrity check | InfoSec | SIEM |
| KYC consent / consent revocation processing | Operations | Consent service |
| Activity | Owner | Cadence |
|---|
| Bureau data submission (consumer + commercial) to all 4 CICs | Compliance / risk | Weekly is best practice (monthly is the minimum) |
| Co-lending partner MIS | Co-lending ops | Per agreement |
| Vendor incident review | InfoSec / ops | Weekly review |
| AA consent / data fetch health | Operations | Weekly |
| Activity | Owner | Deadline |
|---|
| CIC monthly data submission (all 4 bureaus) | Compliance | By 15th of following month |
| DNBS-01 / DNBS-02 returns (depending on size and category) | Finance / compliance | Per RBI schedule, typically by end of following month |
GST returns (GSTR-1, GSTR-3B) | Finance | 11th / 20th of following month |
| TDS returns (Form 26Q / 27Q) | Finance | 30th of following month |
| Asset classification statement | Finance | End of month + few days |
| Provisioning computation | Finance / risk | Monthly close |
| Grievance dashboard to senior management | Compliance | First week of next month |
| AA / vendor cost reconciliation | Finance / ops | First week |
| Co-lending settlement and reconciliation closure | Co-lending ops | Per agreement |
| Penal-charges audit (sample) | Compliance | Monthly internal |
| Activity | Owner | Deadline |
|---|
| Quarterly RBI returns (DNBS-03, DNBS-09, etc. as applicable) | Compliance / finance | Per RBI schedule |
| Board / audit committee meetings | Board secretariat | At minimum quarterly; risk committee, audit committee |
| CRAR computation (Tier-1, Tier-2, total) | Finance | Within 30 days of quarter-end |
| Co-lending partner portfolio review | Co-lending ops | Per agreement |
| DR drill (critical systems) | InfoSec / tech | Quarterly |
| Vendor performance review (material vendors) | Procurement / vendor mgmt | Quarterly |
| Access review (privileged access, application access) | InfoSec | Quarterly |
| Concentration exposure review | Risk | Quarterly |
| Internal audit (rotational coverage) | Internal audit | Quarterly cycle |
| DLG cap and instrument review (if DLG arrangements exist) | Risk / finance | Quarterly |
| Cybersecurity posture review | InfoSec | Quarterly |
| Sectoral exposure review | Risk | Quarterly |
| Activity | Owner | Deadline |
|---|
| ALM report (asset-liability mismatch) | Treasury / finance | Per RBI ALM guidelines |
| NPA review by board | Board secretariat | Half-yearly minimum |
| Outsourcing review | Vendor management / compliance | Half-yearly |
| Activity | Owner | Deadline |
|---|
| Statutory audit and audited financials | Finance / external auditor | Within 6 months of year-end (typically September for March year-end) |
| NBFC annual return (DNBS-PPD or equivalent) | Compliance / finance | Per RBI schedule |
| Board-approved policies review — credit, risk, ALM, outsourcing, IT, information security, fair practices | Board secretariat | Annual |
| Internal capital adequacy assessment (ICAAP) | Risk / finance | Annual (mandatory for NBFC-ML; recommended for BL) |
| External penetration test | InfoSec | Annual minimum |
| External IT audit | InfoSec / IT | Annual |
| External information security audit | InfoSec | Annual |
| Director fit-and-proper declarations refresh | Company secretary | Annual |
| DLG annual disclosure | Compliance | Annual financials |
| Co-lending arrangement public disclosure | Compliance | Annual financials |
| Outsourcing arrangements report to board | Vendor management | Annual |
| Grievance summary to board | Compliance | Annual |
| DPDP compliance audit | Compliance / InfoSec | Annual |
| CKYC data quality reconciliation | Compliance | Annual |
| BCP / DR full plan review and test | InfoSec / IT | Annual |
| Sectoral / industry exposure caps review | Board / risk committee | Annual |
| CSR contribution and reporting (if applicable) | Finance | Annual |
| Trigger | Action | Deadline |
|---|
| Change in directors / shareholders above threshold | Intimate RBI | Per Master Direction |
| Material cyber incident | Report to RBI and CERT-In | <= 6 hours of detection |
| Material data breach (DPDP) | Notify Data Protection Board and affected Data Principals | Per DPDP Rules |
| Borrower grievance unresolved by SLA | Escalate to Internal Ombudsman or RBI Ombudsman | Per SLA |
| Material vendor incident | Report internally and to RBI if material | Per Outsourcing MD |
| New co-lending partner | Board approval; intimation to RBI if material | Per CLM guidelines |
| New material outsourcing arrangement | Board approval | Per Outsourcing MD |
| Loan turning NPA | Trigger collections + classification + bureau update | Same day |
| Borrower dispute on bureau | Investigate and respond | <= 30 days |
A summary of the major DNBS returns. Exact format, frequency, and applicability depends on NBFC type and asset size — verify on rbi.org.in.
| Return | Frequency | Content |
|---|
DNBS-01 | Monthly | Important financial parameters |
DNBS-02 | Quarterly | Statement of capital funds, risk asset ratio etc. |
DNBS-03 | Quarterly | Statement of exposure to investment / lending |
DNBS-04A / 04B | Quarterly | Asset-liability management |
DNBS-05 (NBFC-AA) | Quarterly | AA-specific |
DNBS-09 | Quarterly | Branch information |
DNBS-PPD | Annual | Principal place of business + audit committee + compliance |
DNBS-13 | Quarterly | Overseas investment |
| Item | Frequency |
|---|
GST returns (GSTR-1, 3B, 9 annual) | Monthly + annual |
| TDS returns | Quarterly |
| Income tax return | Annual |
| Provident Fund / ESI returns | Monthly |
| MCA filings (AOC-4, MGT-7) | Annual |
| Board / general meeting minutes filing | Per Companies Act schedule |
- Compliance calendar in a tool (e.g., a workflow tool like Asana / ClickUp / Jira with a compliance project) with reminders, owners, evidence attachment.
- Compliance officer dashboard showing upcoming due dates, recent submissions, exceptions.
- Audit trail of every submission with acknowledgement.
- Monthly compliance dashboard to CEO and board.
- RBI Master Direction – Returns submitted by NBFCs and the Submission of NBFC returns – Online format on
rbi.org.in.
- RBI Master Direction – NBFC – Scale Based Regulation Directions, 2023 (consolidated).
- CIC submission specifications on
cibil.com, experian.in, equifax.co.in, crifhighmark.com.
- GST portal calendar at
gst.gov.in.
- DPDP Act 2023 and forthcoming Rules at
meity.gov.in.