Non-Compliance with NFRA Rules

The National Financial Reporting Authority (NFRA) is the independent regulator overseeing auditors of large and listed Indian companies. Established under Section 132 of the Companies Act, 2013, NFRA frames standards, monitors quality, and takes disciplinary action against auditors. The Ministry of Corporate Affairs has notified strict penalties for non-compliance with NFRA Rules, and audit firms operating in FY 2026-27 cannot afford to be casual about them.

Scope of NFRA jurisdiction

Under Rule 3 of the NFRA Rules, 2018 (as amended), NFRA exercises jurisdiction over auditors of:

• Companies whose securities are listed on any stock exchange in India or abroad
• Unlisted public companies with paid-up capital of ₹500 crore or more, or annual turnover of ₹1,000 crore or more, or aggregate outstanding loans, debentures and deposits of ₹500 crore or more, as on the 31st March of the immediately preceding financial year
• Insurance companies, banking companies, electricity generating or supplying companies, and entities governed by special Acts
• Body corporates referred by the Central Government in the public interest

Key compliance obligations on auditors

1. Auditors of NFRA-covered entities must file Form NFRA-1 at the time of appointment (where applicable for body corporates)
2. Auditors must file Annual Return in Form NFRA-2 for each financial year, disclosing audit clients, partners, network firms and key financials
3. Audit documentation must comply with the Standards on Auditing and the Accounting Standards / Indian Accounting Standards prescribed
4. Cooperation with NFRA inspections, investigations and information requests is mandatory
5. Auditors must respond to show-cause notices and provide records as directed

Penalties for non-compliance

Section 132(4) of the Companies Act, 2013 empowers NFRA to impose penalties where, after inquiry, professional misconduct is proved. The penalties include:

• For an individual auditor — a penalty not less than ₹1 lakh and up to five times the fees received
• For an audit firm — a penalty not less than ₹5 lakh and up to ten times the fees received
• Debarment of the auditor or firm from practising as an auditor of an Indian company or LLP for a period from six months up to ten years
• Late filing of NFRA-2 attracts additional fees and may itself constitute professional misconduct

Indirect consequences for audit firms

• Reputational damage and loss of audit assignments
• Resignations and disclosures to regulators including SEBI for listed clients
• Restatement of financial statements where audit failure leads to revisions
• Civil and criminal liability where fraud is involved under Section 447 of the Companies Act
• Listing on the NFRA website of orders, which lenders and investors scan

Compliance roadmap for audit firms

1. Map your audit portfolio annually to identify NFRA-covered clients
2. Maintain robust audit documentation with timely sign-offs
3. File Form NFRA-2 by the prescribed due date — typically 30 November
4. Implement firm-wide quality control aligned to SQC 1 and the Standards on Auditing
5. Train teams on Ind AS, ICDS and emerging audit areas — ESG, IT general controls, climate-related disclosures
6. Respond promptly to NFRA queries and inspections, with senior partner oversight

Building an NFRA-grade quality control system

The most effective shield against NFRA penalties is a robust firm-wide quality control system anchored in Standard on Quality Control (SQC) 1. This goes well beyond engagement-level documentation and covers leadership tone, ethical requirements, acceptance and continuance of clients, human resources, engagement performance, monitoring and resolution of complaints.

• Annual firm-level risk assessment covering NFRA-covered engagements
• Engagement Quality Control Review (EQCR) on every NFRA engagement by an independent partner
• Centralised documentation platform with audit trail and version control
• Mandatory training hours on Ind AS, SAs, ICDS and emerging audit areas like ESG and IT GC
• Internal inspection programme covering at least one engagement per partner per year

Firms that institutionalise these practices treat NFRA inspections as routine validation rather than existential risk. The cost of building such a system is modest compared with the financial penalties, debarment exposure and reputational damage that follow even one adverse NFRA order.

Recent NFRA orders and lessons

NFRA has been increasingly active, issuing detailed orders on audit failures in high-profile cases. These orders typically run into hundreds of pages, identifying specific lapses against Standards on Auditing, professional scepticism failures, and inadequate engagement quality control reviews. Reading these orders is mandatory continuing education for every audit partner — they spell out exactly the kind of behaviour and documentation that attracts severe action.

• Detailed audit programme aligned to Standards on Auditing
• Documented professional scepticism on critical estimates and complex transactions
• Engagement Quality Control Review by an independent partner
• Written representation letters from management on key matters
• Subsequent events review and bridging procedures up to date of signing

Conclusion

NFRA is no longer a distant regulator; it is an active enforcer with significant penalty powers. Audit firms operating in the NFRA universe in FY 2026-27 must invest in quality control, documentation discipline and timely filings. The cost of non-compliance — financial, reputational and professional — far exceeds the cost of building a robust audit infrastructure.