The Pension Fund Regulatory and Development Authority (PFRDA), through its circular dated 17 June 2026, has introduced a revised audit framework for Points of Presence (PoPs) undertaking National Pension System (NPS) and NPS Vatsalya activities. PoPs with fewer than 10,000 subscribers must undergo an external audit once every three financial years, while those with 10,000 or more subscribers must be audited annually. PoPs with fewer than 100 NPS accounts are exempt until they reach the threshold. The circular prescribes eligibility norms for auditors, a three-year tenure with a two-year cooling-off period, detailed audit formats, reporting procedures, and a comprehensive audit scope covering KYC/AML compliance, subscriber onboarding, contributions, grievance redressal, withdrawals, cybersecurity, fraud prevention, record maintenance, and regulatory compliance. Failure to submit audit reports within prescribed timelines may result in PFRDA arranging audits at its discretion, reinforcing stronger governance, accountability, and operational oversight across PoPs.
PENSION FUND REGULATORY AND DEVELOPMENT AUTHORITY
Circular No. PFRDA/2026/36/SUP-POP/05 | Dated: 17th June 2026
To,
All Point of Presence (PoPs) performing activities of NPS (PoPs – NPS)
Subject: Audit of Points of Presence (PoPs) performing activities of National Pension System (NPS) including NPS Vatsalya (PoPs – NPS)
1. PoPs registered under Regulation 3(1)(a) of Pension Fund Regulatory and Development Authority (Points of Presence) Regulations, 2018 and amendment thereof and performing activities of NPS (PoPs-NPS) shall ensure that the accounts and processes maintained under NPS are audited as per the provisions of Operational Guidelines issued vide Circular dated 27thFebruary 2026 issued under PFRDA (PoP) Regulations, 2018 and amendment thereof and as per the periodicity prescribed by the Authority by an independent external chartered accountant/audit firm. The eligibility norms for appointment of auditor is prescribed at Annexure 1.
2. For submission of audit report (under the revised framework), PoPs have been categorized basis the number of associated subscribers as on the last day of the financial year and the same shall be applicable from the period April 1, 2026 to March 31, 2027. The categories for the same are tabulated below:
| Category | Subscriber base (as on the last day of the Financial Year) | Audit frequency | Due date of first audit report |
| I | Less than 10,000 | Once in three FY (For all three years) | 30.06.2029 (if audit report for FY 2025-26 has been submitted) |
| II | 10,000 and above | Every FY | 30.06.2027 |
Note: Point of Presence (PoPs) having less than 100 NPS accounts are exempted from submission of Audit Report. However, upon acquiring 100 or more subscribers, PoP shall be required to submit the Audit Report for all preceding financial years.
3. The scope of such audit shall cover, inter-alia, the existence, scope, adequacy and efficacy of internal control system, procedures and safeguards, compliance with the provisions of the Pension Fund Regulatory and Development Authority Act, 2013, Pension Fund Regulatory and Development Authority (Points of Presence) Regulations, 2018 and amendment thereof and Guidelines/ Circulars/Notifications issued by the Authority, KYC requirements as per PML Act/Rules and data security in respect of the operations of such Point of Presence. The Broad Scope of Audit is listed at Annexure 2.
4. PoPs must maintain the books of accounts and records including electronic records and documents as stipulated in the Regulations/Guidelines/Circulars/Notifications issued by the Authority from time to time.
5. The Audit Report format along with Instructions is placed at Annexure 3.
6. The Audit Report shall be reviewed by the Authority and appropriate course of action would be pursued in cases where reports are not as per the requirements.
7. In accordance with Regulation 27 of the Pension Fund Regulatory and Development Authority (Point
of Presence) (Amendment) Regulations, 2026, the Authority may, at its discretion, arrange for the conduct of an audit of PoPs that fail to submit the Audit Report within the timelines prescribed under this circular.
8. PoPs are advised to ensure compliance with the above.
(Ashish Kumar)
Chief General Manager
Annexure 1
ELIGIBILITY NORMS FOR SELECTION OF AUDITOR
1. PoPs shall appoint the external auditor as per the list of auditors empaneled by any of the Financial Sector Regulator (FSRs) including PFRDA to conduct the audit for activities related to NPS. Further, the central/ state government department/ entities shall conduct the audit through the internal audit department or through the external auditor as per the list of auditors empaneled by any of the FSRs including PFRDA.
2. PoPs shall appoint the Auditor as per the eligibility criteria prescribed by the PFRDA, with the approval of the Audit Committee or the Board, wherever the Audit Committee is not present.
3. PoPs who are non-listed Government entities may engage the internal audit department or appoint Auditor as per the eligibility criteria prescribed by the PFRDA with the approval of Competent Authority.
4. Auditors shall be appointed for a tenure of three years.
5. Auditors will have a cooling period of two years in respect of the same PoP. After completion of tenure of three years, audit entity should not accept any audit assignment of that PoP during the next two years.
Annexure 2
SCOPE OF WORK OF AUDIT
NATIONAL PENSION SYSTEM (NPS)
Auditor appointed by the PoP shall conduct the audit of the PoP for activities related to NPS including NPS Vatsalaya. The Broad Scope of Work of Auditor is as under:
i. Subscriber registration/On Boarding of subscribers under NPS (including NPS Vatsalaya).
ii. Compliance of KYC/AML/CFT guidelines dated 25th September 2025 (as amended) (including re-KYC) issued by the Authority.
iii. Collection and processing of initial contribution and subsequent contribution received from the subscribers.
iv. Uploading of Subscriber Contribution File (SCF) in CRA System and Transfer of Fund to Trustee Bank as per specified TATs in Operational Guidelines.
v. Maintenance of collection account by the PoP in accordance with provisions of PFRDA (PoP) Regulations 2018 and amendment thereof and guidelines issued there under.
vi. Reconciliation of subscriber’s contribution received by the PoP in the collection account and maintenance of audit trail for the same. Identification of unreconciled contribution amount which are pending for reconciliation for more than seven years and recording the efforts taken by PoPs to reconcile such contribution amounts.
vii. Subscriber grievance handling by the PoPs as prescribed under Redressal of Subscriber Grievance Regulations, 2015 (as amended) and circulars issued there under.
viii. Quality assurance of grievance resolution as per the provisions under Para F (5) of Operational Guidelines for PoPs.
ix. Receiving and processing service requests such as change in subscriber details, address, Pension Fund Change, Inter-sector shifting, etc. received from the subscribers in CRA system.
x. Receiving and processing of subscriber withdrawal/exit request with in timelines laid down in the Operational Guidelines, including death related cases.
xi. Adherence to the TATs laid down under the guidelines issued by the Authority.
xii. Payment of compensation by PoP for delayed activities as prescribed under Operational Guidelines.
xiii. Engagement of Services of Pension Agents as per regulation 44 and its code of conduct as per schedule II of Pension Fund Regulatory and Development Authority (Point of Presence) (Amendment) Regulations, 2023.
xiv. Adherence to the charge structure prescribed by Authority.
xv. Maintenance of Books of Accounts by the PoPs.
xvi. Verification of exception report submitted by PoPs to PFRDA.
xvii. The auditor shall verify the status of open observations from the inspection conducted by PFRDA during the last three financial years to ensure their closure. If any observations remain unresolved, the auditor shall report them to the management of PoP for appropriate action and closure.
xviii. Compliance with the circulars/ guidelines/ notifications/instructions issued by PFRDA and/ or any other Statutes.
xix. Adherence to the requirement under Information and Cyber Security Policy Guidelines issued by PFRDA
xx. Appointment and discharge of responsibilities of Compliance Officer, Designated Director and
Principal Officer.
xxi. Verification of fraud prevention and risk mitigation measures implemented by PoP.
xxii. Any other activity under the relevant regulations/circulars/guidelines/ notifications/instructions issued by PFRDA.
Note: The scope as specified above is only indicative and not exhaustive
Annexure 3
AUDIT REPORT
(To be furnished on the letter head of the Audit Firm)
CERTIFICATE FOR AUDIT
We have examined the relevant books of accounts, records and documents maintained by M/s _____________________, (name of the Point of Presence (PoP)) bearing Pension Fund Regulatory and Development Authority (PFRDA) Registration Number __________under NPS and to fulfill the audit requirement, as prescribed by Pension Fund Regulatory and Development Authority (Points of Presence) Regulations, 2018 (as amended) and Guidelines issued there under, for the financial year___.
The purpose of this audit is to examine that the processes, procedures followed and the operations carried out by the Point of Presence (including the operations by its Pension Agents/Business Correspondents / any other service provider permitted by the PFRDA from time to time) are as per the applicable Acts, Rules, Regulations, By-laws prescribed by the Authority and Guidelines, Circulars, Notifications etc. issued thereunder.
We have obtained all the information and explanations, and examined the relevant books which to the best of our knowledge and belief, were necessary for the purpose of this Audit. In our opinion, proper books of accounts, records and documents, as per the regulatory requirement…………. (have/have not) been maintained by the PoP.
Based on examination of the processes, procedures followed and the operations carried out by the Point of Presence, to the best of our knowledge and belief and according to the information and explanations given to us, we certify that the Point of Presence………. (has/does not have) adequate internal control for ensuring orderly and efficient conduct of its business, including adherence to Acts, Rules, Regulations, By-laws prescribed by the Authority and Guidelines, Circulars, Notifications etc. issued thereunder, safeguarding the subscribers interest, prevention and detection of frauds and errors, accuracy and completeness of the books of accounts, records and documents.
We have conducted the audit within the framework provided by the Authority for the purpose of this Audit. To the best of our knowledge and belief and according to the information and explanations given to us, material fraud/non-compliance/misrepresentation/violation by the Point of Presence…………….. (is/is not) observed during the course of this audit.
Based on the scrutiny of relevant books of accounts, records and documents, we certify that the Point of Presence …………(has/has not) complied with the relevant provisions of Pension Fund Regulatory and Development Authority Act, 2013, and Pension Fund Regulatory and Development Authority (Points of Presence) Regulations, 2018 and amendment thereof (Chapter IV, Regulations 23-28 & Chapter VI, Regulation 44) and various guidelines and circulars of the Authority.
We declare that we do not have any direct / indirect interest in or relationship with the Point of Presence or its shareholders / directors / partners / proprietors / management and also confirm that we do not perceive any conflict of interest in such relationship / interest while conducting audit of the said PoP.
In our opinion and to the best of our knowledge based on information provided and according to the explanations given to us by the Management/compliance officer, the Report provided by us (along with Enclosure – 1 and Enclosure – 2) and subject to our observations, which covers the entire scope of the audit, is true and fair.
Name of Chartered Accountant along with seal & signature:
Name of the Proprietor / Partner:
Membership no. / CP. No.:
UDIN No.:
Date:
Place:
