ROC Compliance for Finance Firms

ROC Compliance for Finance Firms

Indian finance companies — NBFCs, housing finance companies (HFCs), stock brokers, wealth managers and fintechs — face a compliance structure unlike any other sector. Every filing they make with the Registrar of Companies (ROC) sits inside a larger mosaic of RBI, SEBI, IRDAI and PFRDA obligations. A missed MGT-7 is not just a Companies Act problem; it is evidence an RBI inspector uses to question a company's governance standards. In FY 2026-27, with MCA V3 portal automation, RBI's CIMS-based surveillance and SEBI's real-time disclosure engine in place, the margin for error is effectively zero.

Why ROC Records Are a Regulator's First Stop

When the RBI's inspection team arrives — or when SEBI issues a show-cause notice — they pull MCA filings first. Here is why: your ROC records are the official paper trail for everything that matters to a sectoral regulator.

• Shareholding structure. Any change of control in a deposit-taking NBFC requires RBI's prior written approval. The evidence of that change — share allotment forms (PAS-3), share-transfer records, MGT-7 — lives on the MCA portal.
• Director fit-and-proper. RBI's Master Direction on fit-and-proper criteria for NBFC directors requires periodic re-confirmation. If DIR-12 filings are delayed or inconsistent with RBI's own records, the mismatch triggers follow-up inquiries.
• Capital adequacy and leverage. AOC-4 NBFC financials feed into the CRAR (Capital to Risk-Weighted Assets Ratio) computation that RBI tracks through supervisory returns. Financials that differ between the RBI filing and the MCA filing create compliance red flags that are very hard to explain.
• Licensing renewal and expansion. An NBFC seeking to upgrade from NBFC-ICC to NBFC-MFI status, or a broker applying for a depository participant licence, will face due diligence where clean ROC records are a go/no-go checkpoint.

The practical implication: treat your MCA compliance calendar as the foundation of your entire regulatory posture, not as a separate checklist.

Core Annual Filings: Forms, Due Dates and NBFC-Specific Variations

AOC-4 and AOC-4 NBFC: Audited Financial Statements

Due date: Within 30 days of the Annual General Meeting (AGM). For a company holding its AGM on the last permissible date of 30 September 2026, AOC-4 is due by 30 October 2026.

NBFCs registered under the Companies Act 2013 must use Form AOC-4 NBFC, not the standard AOC-4. The NBFC-specific form captures:

• Statement of compliance with RBI prudential norms
• Details of public deposits (if deposit-taking)
• Credit-to-deposit ratio and NPA disclosures
• CRAR position

If the company is required to file consolidated financial statements, a separate AOC-4 CFS is also due within 30 days of the AGM.

MGT-7 / MGT-7A: Annual Return

Due date: Within 60 days of the AGM. For a 30 September 2026 AGM, MGT-7 is due by 29 November 2026.

Small companies and One Person Companies (OPCs) use the simpler MGT-7A. Most NBFCs — which carry a minimum net-owned fund (NOF) requirement of Rs. 10 crore or more and are unlikely to qualify as small companies — will file MGT-7. The return must attach a certificate from a practising Company Secretary (CS) unless exempted.

DPT-3: Return of Deposits

Due date: 30 June each year, covering transactions up to the preceding 31 March.

This form is mandatory even for NBFCs that do not accept public deposits — they must disclose "amounts not considered as deposits" under the Companies (Acceptance of Deposits) Rules 2014. Inter-corporate loans, commercial paper proceeds and subordinated debt all require careful classification here. An incorrect DPT-3 can misrepresent borrowing structure to both the ROC and the RBI.

Supporting Annual Forms

Event-Based Filings Finance Firms Cannot Afford to Miss

Finance companies are high-activity entities. Capital raises, debenture issuances, director changes and restructurings happen regularly — and each event starts a filing clock.

• PAS-3 (Share Allotment Return): Within 15 days of each allotment. NBFCs raising equity for capital adequacy reasons must be particularly punctual; a delayed PAS-3 means the allotment is visible to neither the RBI nor future due-diligence advisors.
• CHG-1 / CHG-4 (Charge Creation / Satisfaction): CHG-1 is due within 30 days of creating a charge over company property (extendable to 60 days with an additional fee). Finance companies that create debenture trusts or pledge assets to banks trigger this frequently. A charge not registered on the MCA portal does not bind third parties, creating lender exposure.
• DIR-12 (Director Change): Within 30 days of appointment, cessation, or change of designation. If an independent director resigns after expressing concerns about governance — a scenario regulators watch closely — DIR-12 must reflect the correct date and reason.
• MR-1 (KMP Appointment): Within 60 days of appointing a Managing Director, Whole Time Director, or Manager. For NBFCs, this filing is cross-referenced with the CEO/MD details in RBI's CIMS portal.
• MGT-14 (Filing of Resolutions): Within 30 days of passing a special resolution. Special resolutions relating to alteration of objects, borrowing limits or preferential allotments are all required to be filed; non-filing is a common trigger for adjudication orders.
• INC-22A / INC-20A: These one-time declarations (active company tagging and commencement of business) must be complete before any transactional filing. Many older NBFCs that did not file INC-20A remain flagged and face portal issues.

Sectoral Overlay: Where RBI, SEBI and IRDAI Intersect with MCA

NBFC Filings Under RBI

NBFCs operate on a parallel filing track through the COSMOS portal and, more recently, CIMS (Centralised Information Management System):

• NBS-1: Quarterly return on deposits (deposit-taking NBFCs only)
• NBS-2: Quarterly return on prudential norms
• NBS-9: Monthly return for NBFC-D and systemically important NBFC-ND with asset size above Rs. 500 crore
• Annual statutory auditor report in prescribed format to RBI within one month of the AGM

The critical point: the financials in AOC-4 NBFC filed with MCA must be reconcilable with the NBS returns filed with RBI. Divergence between the two — say, a different NPA figure — will surface in an RBI inspection and is extremely difficult to explain after the fact.

SEBI LODR for Listed Finance Entities

Listed NBFCs, banks and broking houses must also comply with SEBI (Listing Obligations and Disclosure Requirements) Regulations 2015 (LODR):

• Quarterly financial results within 45 days of quarter end (standalone and consolidated)
• Annual results within 60 days of financial year end
• Board meeting intimation at least 2 working days in advance
• Material events (change of CEO, regulatory action, credit rating change): within 24 hours, and within 30 minutes for price-sensitive information
• Shareholding pattern: within 21 days of quarter end

SEBI and MCA filings must tell exactly the same story. A director appointment disclosed to a stock exchange must have a corresponding DIR-12 on the MCA portal. Inconsistency — even by a week — is used by SEBI enforcement teams as evidence of governance lapses.

SEBI Broker-Dealer Compliance

Stock brokers registered under SEBI (Stock Brokers) Regulations 1992 have their own annual compliance obligations beyond MCA: net-worth certificates, client-fund reconciliation certificates, and compliance officer certifications to stock exchanges. These must coexist cleanly with the AOC-4 financial statements and MGT-7 shareholding disclosures.

Worked Example: The Real Cost of a 200-Day Delay

Scenario: Nirmaan Capital Private Limited is a registered NBFC-ICC with paid-up capital of Rs. 10 crore. Its AGM for FY 2025-26 was held on 29 September 2026. Due to an auditor change and reconciliation issues, both AOC-4 NBFC and MGT-7 were filed on 15 June 2027.

Delay calculations:

• AOC-4 NBFC was due by 29 October 2026 → filed 228 days late
• MGT-7 was due by 28 November 2026 → filed 198 days late

Penalty under Section 137(3) — AOC-4 NBFC:

• Company: Rs. 10,000 + (228 days × Rs. 100) = Rs. 10,000 + Rs. 22,800 = Rs. 32,800
• MD (officer in default): Rs. 10,000 + Rs. 22,800 = Rs. 32,800 (within Rs. 50,000 cap)
• CFO: Rs. 10,000 + Rs. 22,800 = Rs. 32,800
• Sub-total AOC-4: Rs. 98,400

Penalty under Section 92(5) — MGT-7:

• Company: Rs. 50,000 + (198 × Rs. 100) = Rs. 50,000 + Rs. 19,800 = Rs. 69,800
• MD: Rs. 69,800; CFO: Rs. 69,800
• Sub-total MGT-7: Rs. 2,09,400

Total ROC adjudication exposure: Rs. 3,07,800

On top of this, the RBI inspection team — which cross-references CIMS data with MCA filings — notes the delay as a governance red flag. The company's application to increase its borrowing limits, already in pipeline, is put on hold pending a satisfactory explanation letter. The direct penalty is painful; the opportunity cost is worse.

Governance Practices Regulators Actually Inspect

Governance is not just about having policies — it is about being able to demonstrate, on inspection day, that those policies are alive and followed.

Board meeting frequency and documentation:

• Section 173 of the Companies Act 2013 requires at least four board meetings per year with a maximum gap of 120 days between consecutive meetings. NBFCs additionally require a Risk Management Committee meeting, an ALCO (Asset Liability Committee) meeting and an Audit Committee of Board (ACB) meeting each quarter.
• Board minutes must record dissenting views, conflict-of-interest declarations and the basis for significant decisions. Thin minutes that simply note "proposals were discussed and approved" do not satisfy RBI inspection standards.

Related-party transaction controls:

• Section 188 of the Companies Act 2013, read with SEBI LODR Regulation 23 for listed entities, requires prior audit-committee and board approval for material related-party transactions (RPTs). Finance firms — which often have intra-group lending arrangements — must ensure that every RPT is approved at the right level, disclosed in the quarterly financials, and reflected in the Register of Contracts (Form MBP-4).

Fit-and-proper declarations:

• Each director must submit a fresh fit-and-proper declaration annually to the board (for NBFCs, as per RBI's Master Direction). This declaration must be retained and available for inspection. The company secretary should calendar this alongside DIR-3 KYC, since both have September–October timelines.

Statutory registers:

• Maintain the Register of Members (MGT-1), Register of Directors and KMP (MBP-1), Register of Charges (CHG-7), Register of Loans and Investments (MBP-2), and Register of Contracts (MBP-4). These must be physically or electronically producible within 24 hours of an inspection demand.

Information security and outsourcing policies:

• RBI's Master Direction on IT Framework for the NBFC sector requires a board-approved Information Security Policy, a Cyber Crisis Management Plan, and an IT Steering Committee. Outsourcing arrangements — including those with fintech partners and cloud service providers — must follow the outsourcing guidelines and be disclosed in board minutes.

Common Mistakes Finance Firms Make with ROC Compliance

1. Using the wrong AOC-4 form. An NBFC that files the standard AOC-4 instead of AOC-4 NBFC will face a deficiency notice from the ROC. The standard form lacks NBFC-specific disclosures and the return will be treated as incomplete.

2. Missing DPT-3 because "we don't accept deposits." Almost every finance company has inter-corporate borrowings, commercial paper or NCDs that must be disclosed as "amounts not considered as deposits." Skipping DPT-3 is a compounding offence.

3. DIR-3 KYC lapsing for non-executive directors. NED DINs are deactivated just as readily as executive director DINs. A deactivated DIN means the director cannot digitally sign any MCA form — which can paralyze a time-sensitive CHG-1 or PAS-3 filing.

4. MGT-14 not filed for borrowing-limit resolutions. Finance companies regularly pass resolutions under Section 180(1)(c) authorising borrowings beyond paid-up capital and free reserves. These special resolutions require MGT-14 within 30 days. Skipping this filing makes the borrowing resolution potentially challengeable.

5. Inconsistency between MCA and RBI records for director changes. A director who steps down from an NBFC board must be removed from both the MCA's DIR-12 filing and the RBI's CIMS portal. Leaving one without updating the other creates a mismatch that surfaces in inspections and causes weeks of remedial correspondence.

6. Late charge satisfaction (CHG-4). When a loan is repaid and the lender's charge is released, CHG-4 must be filed within 30 days of satisfaction. Finance firms frequently miss this, leaving old charges on the MCA index — which can cloud due diligence for new lenders or investors.

7. Treating LODR disclosures as separate from MCA filings. Listed finance entities sometimes make SEBI disclosures for material events without ensuring the corresponding MCA form (DIR-12, MGT-14, CHG-1) has also been filed. Both regulators will eventually notice.

How to Build a Compliance Function That Holds Under Inspection

A finance firm's compliance function needs to be layered, documented and audited — not improvised.

Step 1: Build a unified regulatory calendar. Create one master calendar covering MCA due dates, RBI supervisory return dates, SEBI LODR deadlines and any IRDAI/PFRDA obligations. Assign each line item an owner (CS for MCA forms, CCO for RBI returns, CFO for SEBI financials) with a backup owner, and build in a 10-day buffer before each statutory deadline.

Step 2: Assign functional accountability clearly.

• Company Secretary: Owns all MCA filings, statutory registers, board meeting notices, minutes and AGM logistics.
• Chief Compliance Officer (CCO): Owns the regulatory map, sectoral filings, fit-and-proper declarations and inspection readiness.
• Chief Financial Officer: Owns financial statement preparation, DPT-3, MSME-1 and charge-related filings.
• Smaller firms can combine roles, but each function must have a documented owner. Regulators do not accept "everyone is responsible" as an answer.

Step 3: Run a pre-AGM compliance sprint. From July to September each year, run a structured review covering:

1. Verify all DIR-3 KYC filings are current
2. Confirm auditor appointment paperwork is ready for AGM agenda
3. Reconcile shareholding register with last MGT-7
4. Check for any pending CHG-1 or CHG-4 filings
5. Collect fit-and-proper declarations from all directors
6. Confirm AGM date is within the Section 96 window (on or before 30 September for companies other than OPCs)

Step 4: Conduct an annual external compliance audit. In addition to the statutory audit, commission an independent compliance review by a practising CS or CA covering MCA records, statutory registers and cross-referencing with sectoral regulator filings. This is distinct from the internal audit and is best completed by December — leaving time to remediate before the calendar rolls into the next filing season.

Step 5: Invest in compliance technology. MCA V3 has improved, but tracking event-based triggers across a high-activity finance firm still requires a compliance management system. At minimum, use a calendar tool that generates alerts 30 days and 7 days before each deadline. Several platforms now integrate MCA V3 APIs to track filing status in real time.

Key Takeaways

• AOC-4 NBFC (not AOC-4) is mandatory for all NBFCs regardless of deposit-taking status; due within 30 days of AGM; penalty exposure under Section 137(3) reaches Rs. 2,10,000 per company per delay.
• MGT-7 delay penalty under Section 92(5) can reach Rs. 5 lakh for the company alone, plus equal liability on each officer in default — file within 60 days of AGM without fail.
• DPT-3 by 30 June is non-optional, even for NBFCs that do not accept public deposits; inter-corporate borrowings and NCDs must be disclosed.
• Event-based forms (PAS-3, CHG-1, DIR-12, MGT-14) have hard 15–30 day windows; missing them is the single most common trigger for adjudication proceedings in finance firms.
• MCA filings must mirror RBI/SEBI records exactly — director details, shareholding, financials, and charge records must be consistent across all portals or a cross-regulator inquiry becomes inevitable.
• Governance documentation — board minutes, statutory registers, RPT approvals, fit-and-proper records — must be inspection-ready at all times, not assembled after an inquiry is received.
• A 200-day delay on two core forms can cost a 10-crore NBFC over Rs. 3 lakh in ROC penalties alone, plus indirect costs in frozen licensing approvals and increased regulatory scrutiny — the investment in a good compliance function pays for itself many times over.