ROC Compliance for Finance Firms

ROC compliance for Indian finance firms in 2026 covers AOC-4 or AOC-4 NBFC, MGT-7 or MGT-7A, DPT-3, MSME-1, DIR-3 KYC, ADT-1 and event-based filings like PAS-3, CHG-1, DIR-12 and MR-1 on the MCA V3 portal. NBFCs additionally file NBS returns, COSMOS supervisory updates and RBI incident reports, while listed finance entities follow SEBI LODR disclosures. Board, audit, risk and ALCO committees must meet on schedule, with documented fit-and-proper, information security, business continuity and outsourcing policies aligned to RBI master directions.

Mayank Wadhera

Published: 15 May 2023

Updated: 16 May 2026

4 min read

Financial services firms in India operate under one of the most layered compliance frameworks in the country. NBFCs, housing finance companies, microfinance entities, broker-dealers, wealth managers and fintechs answer to the RBI, SEBI, IRDAI or PFRDA in addition to the Registrar of Companies. In 2026, with the MCA V3 portal active, automated penalties and AI-driven RBI inspections, ROC compliance for finance firms must be airtight. This guide covers the essential filings, governance practices and pitfalls to avoid.

Why ROC compliance matters more for finance firms

A finance company's licence with its sectoral regulator typically requires it to be a fit-and-proper entity, with clean MCA records, timely filings, qualified directors and transparent shareholding. RBI's prior approval is needed for any change of control in NBFCs above the prescribed threshold, and the MCA filings often serve as the underlying evidence of that change. Sloppy ROC records can therefore freeze strategic transactions.

Core annual ROC filings

AOC-4 or AOC-4 NBFC — audited financials within 30 days of the AGM, with the additional financial statements required for NBFCs.
MGT-7 — annual return within 60 days of the AGM; small companies use MGT-7A where eligible.
DPT-3 — return of deposits and amounts not considered deposits, by 30 June each year (especially relevant for NBFCs accepting public deposits).
MSME-1 — half-yearly return of outstanding dues to MSME suppliers beyond 45 days.
DIR-3 KYC — yearly KYC of every director by 30 September.
ADT-1 — auditor appointment within 15 days of the AGM that appoints them.

Event-based and sector-specific filings

Finance firms regularly raise capital, issue debentures, change directors and update key managerial personnel. Each event triggers a specific filing — PAS-3 for share allotment, CHG-1 for charges, DIR-12 for director changes, MR-1 for KMP appointment, MGT-14 for special resolutions. For NBFCs, RBI has its own filing list — NBS returns, COSMOS portal updates, supervisory returns and incident reports — which must be reconciled with MCA records to avoid contradictions.

Listed financial entities have additional SEBI LODR obligations including quarterly investor disclosures, board committee composition reports and material event disclosures. The MCA and SEBI filings must tell the same story.

Governance practices regulators expect

Maintain a documented board diversity and fit-and-proper policy, refreshed annually.
Hold board meetings at least once a quarter with a maximum gap of 120 days, plus risk, audit and ALCO sub-committee meetings.
Adopt a written Information Security Policy, business continuity plan and outsourcing policy as RBI master directions require.
Document related-party transactions, with audit committee approval and quarterly disclosure in financial statements.
Maintain statutory registers — members, charges, loans, contracts — and produce them on inspection within 24 hours.

Penalty exposure and remediation

Penalties under Section 450 of the Companies Act 2013 stack quickly — initial fine up to ₹10,000 and continuing fine of ₹1,000 per day. Add to this the RBI's right to suspend or cancel NBFC registration for repeated non-compliance, SEBI's broker-dealer suspension authority, and IRDAI's intermediary deregistration powers. Once flagged, remediation through compounding, NCLT applications and adjudication proceedings is expensive and time-consuming. A well-run compliance function is meaningfully cheaper.

How to operationalise finance-firm compliance

Finance firms need a layered compliance function. A chief compliance officer owns the regulatory map, a company secretary manages MCA filings, a chief risk officer owns ALCO, credit and operational risk, and an information security officer covers RBI cyber-resilience requirements. Smaller finance firms can combine roles, but the functional accountability must remain clear and documented.

Document a board-approved compliance policy listing every regulator, return and timeline.
Maintain a regulator-wise filing calendar covering MCA, RBI, SEBI, IRDAI and PFRDA as relevant.
Conduct an annual compliance audit by an external firm, in addition to statutory audit.
Train all directors on fit-and-proper obligations, related-party transaction approvals and insider trading codes.
Run incident drills for cybersecurity, business continuity and regulatory inspection scenarios.

Treat compliance as a board-level priority with quarterly reporting through the audit committee and risk management committee. A well-run compliance function is one of the cheapest forms of insurance a finance firm can buy in the current regulatory environment.

Conclusion

ROC compliance for finance firms in 2026 is not a stand-alone activity; it intersects with RBI, SEBI and IRDAI obligations. Build a unified compliance calendar covering MCA filings, sectoral returns and governance practices, route it through a qualified company secretary and chief compliance officer, and you protect both the company's licence and its access to capital.

Frequently Asked Questions

What ROC filings do NBFCs need beyond standard companies?

NBFCs file AOC-4 NBFC instead of AOC-4 to capture additional financial statements, plus standard MCA forms like MGT-7, DPT-3, MSME-1, DIR-3 KYC and ADT-1. They also submit NBS returns and COSMOS supervisory data to the RBI, and material events must be reflected in both MCA and RBI filings to avoid contradictions.

How does RBI scrutiny relate to MCA filings?

RBI inspections rely on MCA filings to verify shareholding, capital changes and director appointments. Discrepancies between MCA data and RBI returns trigger queries and can delay approvals for change of control, capital raise or branch expansion. Reconciling both record sets each quarter is now a basic compliance discipline.

Are listed finance firms covered by SEBI in addition to ROC?

Yes. Listed financial services entities follow SEBI LODR for quarterly investor disclosures, board committee composition reports and material event filings, in addition to all MCA forms. The same corporate action — for example, an allotment or director change — must appear consistently in MCA, SEBI and RBI records.

What are the penalties for non-compliance by finance firms?

Section 450 of the Companies Act prescribes fines that can stack continuously. RBI can suspend or cancel NBFC registration, SEBI can suspend broker-dealer or investment-adviser licences, and IRDAI can deregister intermediaries. Remediation through compounding, NCLT applications or adjudication is expensive, making proactive compliance the cheaper path.