ENTERPRISE RISK MANAGEMENT POLICY
R. K. Bansal Finance Private Limited
Version: 1.0
Effective Date: 29 Dec, 2025
Periodicity of Review: Annual
Policy Owner: Chief Risk Officer
Approved By: Board of Directors
1. Purpose
The purpose of this Enterprise Risk Management (ERM) Policy is to establish a structured, consistent, and disciplined approach to identify, assess, measure, control, monitor, and report risks across R. K. Bansal Finance Private Limited, a Non-Banking Financial Company (NBFC) primarily engaged in digital consumer lending, payday loans, and short-tenure personal loans, with plans to enter unsecured personal loans, business loans, and secured loans against property.
This policy is aligned with:
- RBI Master Directions
- Corporate governance expectations
- Applicable laws and industry best practices
2. Scope
This policy applies to:
- All business units, products, employees, and outsourced partners
- Loan origination, underwriting, servicing, collections, treasury, IT systems, cybersecurity, finance, and reporting
- Enterprise-wide risk including financial, operational, market, credit, compliance, conduct, reputational, and strategic risks
3. Vision, Mission & Risk Culture
3.1 Vision
To build a digitally-led, diversified lending business that delivers sustainable value to customers, shareholders, employees, and society.
3.2 Mission
To lend responsibly and profitably through robust risk management, disciplined underwriting, and data-driven decision-making while maintaining compliance with regulatory expectations.
3.3 Risk Culture
R K Bansal Finance Private Limited shall:
- Promote a strong risk-aware culture
- Ensure “Risk ownership lies with the first line of defence”
- Encourage transparent reporting, risk escalation, and decision making
- Enforce zero tolerance for fraud, unethical practices, and regulatory non-compliance
All employees share responsibility for effective risk management.
4. Risk Governance
R. K. Bansal Finance Private Limited adopts a robust governance structure aligned with RBI guidance, comprising:
4.1 Three Lines of Defence
- First Line – Business & Operations
  - Own day-to-day risk
  - Implement controls, policy adherence, and SOPs
- Second Line – Independent Risk Management & Compliance
  - Policy formulation
  - Review, challenge, oversight
  - Monitoring against risk appetite
- Third Line – Internal Audit
  - Independent assurance
  - Assess effectiveness of controls and policies
4.2 Board of Directors
The Board shall:
- Approve the ERM Policy annually
- Set overall risk appetite
- Review credit performance, liquidity, NPAs, write-offs, and compliance status
- Oversee robustness of governance, control standards, and IT/IS framework
4.3 Risk Management Committee (RMC)
The RMC shall:
- Meet at least quarterly
- Ensure effective implementation of risk management framework
- Review material risks, breaches, exceptions, and audit findings
- Approve risk limits and recommend changes to the Board
4.4 Chief Risk Officer (CRO)
CRO shall:
- Lead enterprise risk management
- Maintain independence from business functions
- Approve credit models and credit policy changes
- Ensure regulatory compliance in risk matters
- Present quarterly risk dashboards to the Board/RMC
5. Enterprise-Wide Risk Management Framework
The ERM framework ensures:
- Identification of current and emerging risks
- Measurement of likelihood and business impact
- Mitigation measures and ownership
- Monitoring through KRIs and MIS
- Timely reporting and escalation
6. Risk Appetite Framework
Risk appetite defines the maximum risk that R. K. Bansal Finance Private Limited is willing to assume. It shall:
- Align with capital strength, liquidity capacity, and portfolio performance
- Be approved by the Board annually
- Be tracked through Key Risk Indicators (KRIs)
6.1 Examples of KRIs
- Portfolio GNPA & Net NPA levels
- Credit cost as % of AUM
- Segment/product vintage performance
- PAR & roll-rate thresholds
- Liquidity coverage ratio
- Capital adequacy ratio
- Operating loss frequency
- Regulatory breaches
- Cyber incident count or downtime
Breaches require documented action plans within defined timelines.
7. Risk Processes
7.1 Risk Identification
Risks shall be identified from:
- New products
- New processes & system deployments
- Regulatory changes
- Outsourced relationships
- Audit findings
- Fraud events
- Stress testing
7.2 Risk Assessment
R. K. Bansal Finance Private Limited shall maintain:
- Risk Registers
- RCSA (Risk & Control Self-Assessment)
with details on inherent risk, controls, residual risk, and action plans.
7.3 Risk Monitoring
- Risks will be monitored using KRIs, KPIs and operational dashboards.
- Exceptions will be escalated in line with the delegation of authority.
7.4 Risk Reporting
Standard MIS shall be submitted to:
| Report | Submitted To | Frequency |
|---|---|---|
| Portfolio & Credit Risk Dashboard | CRO/RMC/Board | Monthly / Quarterly |
| Liquidity & ALM Report | ALCO/Board | Monthly |
| Operational & Fraud Loss Report | Senior Management/RMC | Monthly |
| Compliance Report | Audit Committee/Board | Quarterly |
| Information Security Report | IT & RMC/Board | Quarterly |
8. Major Risk Classes
8.1 Credit Risk
Credit risk refers to borrower default leading to loss of income and capital.
Key Sources
- Inadequate credit underwriting
- Excessive DTI, bureau delinquency, income misrepresentation
- Digital fraud
- Rapid growth without controls
- Concentration by product, geography, or customer segment
Mitigation
- Defined product credit policies
- Automated underwriting engine
- Income validation rules
- Bureau scorecards and internal scorecards
- Fraud detection systems (device fingerprinting, bank statement parsing, UPI analysis, etc.)
- Portfolio early warning system
- Segmented credit limits and pricing
- Provisioning as per IRACP/IFRS requirements
8.2 Liquidity & ALM Risk
Risk of insufficient liquidity to meet obligations or maturity mismatches.
Mitigation
- Board-approved ALM Policy
- Dedicated ALCO
- Funding diversification strategy
- Regulatory liquidity coverage maintained
- Maturity ladder monitoring
- Minimum thresholds such as:
| Parameter | Minimum Benchmark |
|---|---|
| Liquidity Coverage Ratio | ≥ RBI requirement |
| Negative cumulative ALM gap (next 30 days) | Within defined limit |
| Short-term funding dependence | ≤ set threshold |
Stress scenarios (e.g., 30% slowdown in collections) shall be evaluated.
8.3 Market & Interest Rate Risk
Exposure to market movements in borrowing rates.
Mitigation
- Scenario and sensitivity analysis
- Repricing strategies
- Diversified lender base
- Conservative leverage policies
8.4 Operational Risk
Risk of loss due to failed processes, systems, human error, or external events.
Examples:
- System downtime
- Process lapses
- Failed transaction settlements
- Data mismatch
- Mis-selling or unauthorised actions
Controls:
- Defined SOPs
- Documented process maps
- Internal audits
- Dual controls for sensitive activities
- Maker-checker approval mechanisms
8.5 Technology & Cybersecurity Risk
Critical for digital business models.
Controls Include:
- ISO/ISMS & IT security policy
- Network, application and API security
- Incident response & DR drills
- Multi-factor authentication
- Endpoint protection and SIEM monitoring
- Vendor security assessments
- Uptime & recovery SLAs
8.6 Fraud Risk
Particularly high in short-tenure and digital lending.
Controls:
- Device fingerprinting, IP analysis
- Bank statement patterning
- AI/ML anomaly detection
- Bureau and industry negative lists
- Real-time loan blocking rules
All confirmed events shall be investigated and reported to CRO.
8.7 Regulatory & Compliance Risk
R. K. Bansal Finance Private Limited shall fully comply with:
- RBI NBFC Master Directions
- Digital lending guidelines (DLG)
- Fair Practices Code
- AML/KYC norms
- Outsourcing guidelines
- Data privacy norms / DPDP guidelines
Compliance shall be independently monitored with quarterly reporting.
8.8 Outsourcing / Vendor Risk
Evaluated on:
- Financial soundness
- Data security posture
- Business continuity
- Experience & credentials
- Regulatory compliance track record
SLAs shall define:
- Uptime
- Turnaround times
- Incident reporting
- Penalties & corrective timeframes
8.9 Strategic Risk
Monitored through business reviews covering:
- Competition
- Regulatory developments
- Profitability trends
- Macroeconomic factors
- Risk-return alignment
8.10 Reputational Risk
Prevented through:
- Transparent disclosures
- Ethical collection practices
- Social media monitoring
- Stringent vendor evaluation
- Zero-tolerance whistleblower framework
9. Business Continuity & Disaster Recovery
R K Bansal Finance Private Limited shall:
- Maintain DR sites
- Perform periodic failover testing
- Document recovery time objective (RTO) and recovery point objective (RPO) targets
- Ensure critical systems are cloud-based and redundant
10. Policy Review & Revision
- This policy shall be reviewed at least annually.
- Earlier revisions may occur due to regulatory changes, risk trends, or business expansion.
- All revisions require approval of the Board of Directors.
11. Effective Date
This Policy comes into force from the date of Board approval.
