6 YEARS OF ZAPPY

Zappy enters into the 6th year of successful business. If you need electronic way to maintain Statutory Registers, Minutes Books and other Repositories related to Compliance Management, try Zappy Compliance.

In this edition, we will be seeing about Risk-Based Internal Audit (RIBA) Guidance issued by RBI. We will have our usual Legal terms and News Bites related to notifications by MCA, SEBI, RBI, IT and GST following the article.

 

 CS Saranya Deivasigamani,

CEO

---

RBIA FRAMEWORK

In terms of the Guidance Note on Risk-Based Internal Audit issued by RBI vide circular DBS.CO.PP.BC.10/11.01.005/2002-03 dated December 27, 2002, banks, inter alia, are required to put in place a risk based internal audit (RBIA) system as part of their internal control framework that relies on a well-defined policy for internal audit, functional independence with sufficient standing and authority within the bank, effective channels of communication, adequate audit resources with sufficient professional competence, among others.

While the aforesaid Guidance Note lays out the basic approach for risk based internal audit functions, banks are expected to re-orient their approach, in line with the evolving best practices, as a part of their overall Governance and Internal Control framework. Banks are encouraged to adopt the International Internal Audit standards, like those issued by the Basel Committee on Banking Supervision (BCBS) and the Institute of Internal Auditors (IIA).

To bring uniformity in approach followed by the banks, as also to align the expectations on Internal Audit Function with the best practices, banks are advised as under:

Þ Authority, Stature and Independence – The internal audit function must have sufficient authority, stature, independence and resources within the bank, thereby enabling internal auditors to carry out their assignments with objectivity. Accordingly, the Head of Internal Audit (HIA) shall be a senior executive of the bank who shall have the ability to exercise independent judgement. The HIA as well as the internal audit function shall have the authority to communicate with any staff member and have access to all records or files that are necessary to carry out the entrusted responsibilities.

Þ Competence – Requisite professional competence, knowledge and experience of each internal auditor is essential for the effectiveness of the bank’s internal audit function. The desired areas of knowledge and experience may include banking operations, accounting, information technology, data analytics and forensic investigation, among others. Banks should ensure that internal audit function has the requisite skills to audit all areas of the bank.

Þ Staff Rotation – Except for the entities where the internal audit function is a specialised function and managed by career internal auditors, the Board should prescribe a minimum period of service for staff in the Internal Audit function. The Board may also examine the feasibility of prescribing at least one stint of service in the internal audit function for those staff possessing specialized knowledge useful for the audit function, but who are posted in other departments, so as to have adequate skills for the staff in the Internal Audit function.

Þ Tenor for appointment of Head of Internal Audit – Except for the entities where the internal audit function is a specialised function and managed by career internal auditors, the HIA shall be appointed for a reasonably long period, preferably for a minimum of three years.

Þ Reporting Line – The HIA shall directly report to either the Audit Committee of the Board (ACB) / MD & CEO or Whole Time Director (WTD). Should the Board of Directors decide to allow the MD & CEO or a WTD to be the ‘reporting authority’ of the HIA, then the ‘reviewing authority’ shall be with the ACB and the ‘accepting authority’ shall be with the Board in matters of performance appraisal of the HIA. Further, in such cases, the ACB shall meet the HIA at least once in a quarter, without the presence of the senior management, including the MD & CEO/WTD. The HIA shall not have any reporting relationship with the business verticals of the bank and shall not be given any business targets. In foreign banks operating in India as branches, the HIA shall report to the internal audit function in the controlling office / head office.

Þ Remuneration – The independence and objectivity of the internal audit function could be undermined if the remuneration of internal audit staff is linked to the financial performance of the business lines for which they exercise audit responsibilities. Thus, the remuneration policies should be structured in a way that it avoids creating conflict of interest and compromising audit’s independence and objectivity.

The internal audit function shall not be outsourced. However, where required, experts, including former employees, could be hired on contractual basis subject to the ACB being assured that such expertise does not exist within the audit function of the bank. Any conflict of interest in such matters shall be recognised and effectively addressed. Ownership of audit reports in all cases shall rest with regular functionaries of the internal audit function.

Banks must ensure and demonstrate through proper documentation that their risk-based internal audit framework captures all the significant criteria / principles suited for their organisational structure, the business model and the risks.

The instructions contained above came into effect on January 07, 2021.

Reserve Bank of India issued a circular supplementing the guidelines on December 27, 2002 on Risk-based internal audit along with other circulars/instruction on the subject issued from time-to time and for any common areas of guidance, the prescription of this circular shall be followed.

 

---

Legal Terms

Rebuttable Presumption

A presumption that can be refuted with evidence; an assumption that is held to be true until refuted by evidence.

 

---

MCA Updates

• Companies (Auditor’s Report) Second Amendment Order, 2020.
• Companies (compromises, arrangements and amalgamations) Amendment Rules 2021.
• Companies (Appointment and Qualification of Directors) Fifth Amendment Rules 2020.
• Companies (Incorporation) Third Amendment Rules, 2020.
• Companies (Share Capital and Debentures) Second Amendment Rules, 2020.
• Clarification on passing of ordinary and special resolutions.
• Clarification on spending of CSR funds for Awareness and public outreach on COVID-19 Vaccination programme.
• Scheme for condonation of delay for companies restored during Dec 2020 u/s 252 of the CA 2013.

SEBI Updates

• Relaxation from compliance with certain provisions of the SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 due to the CoVID -19 pandemic.
• Norms for investment and disclosure by Mutual Funds in Exchange Traded Commodity Derivatives (“ETCDs”)
• Notification repealing SEBI (Central Database of Market Participants) Regulations, 2003
• Securities and Exchange Board of India (Investment Advisers) (Amendment) Regulations, 2021
• Circular on Amendment to Regulation 20(6) of SEBI (AIF) Regulations, 2012
• Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) (Amendment) Regulations, 2021
• Securities and Exchange Board of India (Alternative Investment Funds) ( Amendment) Regulations, 2021
• Securities and Exchange Board of India (Issue of Capital and Disclosure Requirements) (Amendment) Regulations, 2021

RBI Updates

• Foreign Exchange Management (Export of Goods and Services) (Amendment) Regulations, 2021.
• Risk Based Internal Audit (RBIA) Framework – Strengthening Governance arrangements
• Operationalisation of Payments Infrastructure Development Fund (PIDF) Scheme

IT Updates

• Notification No. 3/2021 [F. No. 370142/51/2020-TPL] / SO 118(E) .
• Faceless Penalty Scheme, 2021​.
• Notification No. 1/2021 [F. No. 285/04/2019-IT(Inv.V) CBDT] / SO 58(E).
• Notification No. 91/2020 [F.No. 300196/4/2014-ITA-I]/ SO 4684(E)

GST Updates

• Ignore prompt on liability for inward supplies attracting reverse charge in Table-3.1 (d).
• Communication between Recipient and Supplier Taxpayers on GST Portal .
• Auto-population of e-invoice details into GSTR-1/2A/2B/4A/6A
• Invoice Furnishing Facility (IFF) for Taxpayers under QRMP Scheme
• Aadhaar Authentication / e-KYC for Existing Taxpayers on GST Portal
• Auto-population of e-invoice details into GSTR-1