Step-by-Step Guide to Audit of IFSC Company under Indian Regulations

The Audit of IFSC Registered Entity is a critical compliance requirement under both the International Financial Services Centres Authority (IFSCA) framework and the Companies Act, 2013. With GIFT City Gandhinagar emerging as India’s global financial hub, the role of statutory and internal audits has become central to regulatory oversight and investor confidence.

This article (Part 1 of a 3-part series) explains:

• The scope of statutory audit of IFSC entities
• The role of internal and other audits mandated by IFSCA
• Applicability across banking units, finance companies, fund managers, insurance offices, capital market intermediaries, and fintech entities operating in GIFT IFSC.

1. Statutory Audit of IFSC Registered Entity

Applicability

Every IFSC-registered entity incorporated as a company or LLP is required to undergo an annual statutory audit under the Companies Act, 2013. This includes:

• Banking Units (IBUs)
• Finance Companies / NBFCs
• Fund Management Entities (FMEs) / Alternative Investment Funds (AIFs)
• Insurance Offices & Intermediaries
• Capital Market Intermediaries (brokers, custodians, DPs)
• Payment Service Providers and fintech entities

Key Provisions

• Auditor Qualification: Only a Chartered Accountant in practice (ICAI member) can act as statutory auditor.
• Audit Report: Issued as per Section 143 of Companies Act, 2013, covering true & fair view, internal controls, and compliance with accounting standards (Ind AS / IFRS as permitted).
• Submission: Audited financial statements and auditor’s report must be filed with IFSCA and the Registrar of Companies (RoC), generally within 30 days of AGM (by 30th September each year).
• Exemptions: Certain relaxations apply to IFSC companies, such as exemption from mandatory audit committee (Sec. 177) and CSR provisions (Sec. 135) for the first five years.

2. Internal Audit of IFSC Registered Entity

Applicability

Internal audits are mandated based on the nature, size, and sector of the IFSC entity:

• Banking Units (IBUs): Required to maintain a robust internal audit framework with unrestricted access to records.
• Finance Companies (NBFCs in IFSC): Deposit-taking and large NBFCs must appoint an internal auditor under Section 138 of Companies Act, 2013.
• Insurance Intermediaries & Offices: Internal audits as part of IRDAI-aligned governance requirements.
• Capital Market Intermediaries: Brokers, custodians, and depository participants may require CA/CS firms as internal auditors.

Purpose

• Assess adequacy of risk management controls
• Ensure regulatory compliance with IFSCA norms
• Strengthen financial and operational controls
• Provide assurance to Boards, compliance officers, and principal officers

3. Other Audits & Special Reviews

Beyond statutory and internal audits, IFSCA mandates several specialized audits:

• Concurrent Audit: Common in banking units handling high transaction volumes. Ensures continuous monitoring of compliance and risk.
  
  
• Cybersecurity Audit: Annual IT/cyber audit is compulsory for all IFSC entities under IFSCA’s Cyber Resilience Framework. Conducted by independent, qualified IT auditors, these audits certify data protection, cyber hygiene, and resilience.
  
  
• Sector-Specific Audits:
  • Fund Managers / AIFs: Audit of scheme accounts by an independent CA.
  • Insurance Offices: Actuarial audits for liability valuation.
  • Payment Service Providers: CA certification of escrow balances and system controls.

4. Why Audits Matter for IFSC Entities

• Regulatory Compliance: Ensures adherence to both Companies Act and IFSCA regulations.
• Investor Confidence: Strengthens transparency for global investors in GIFT IFSC.
• Governance & Risk Management: Builds trust with boards, CFOs, and regulators.
• Global Benchmarking: Positions GIFT City entities at par with international financial jurisdictions.

Conclusion

Statutory and internal audits form the foundation of governance for IFSC registered entities. N Pahilwani and Associates is based in GIFT City, Gandhinagar. From annual statutory audits by Chartered Accountants to internal and specialized audits like cybersecurity, these layers of oversight create a strong compliance ecosystem in GIFT IFSC.