The Pension Fund Regulatory and Development Authority (PFRDA), through Circular No. PFRDA/2026/38/SUP-POP/07 dated 17 June 2026, has introduced a revised audit framework for Points of Presence (PoPs) performing NPS-Lite activities. The circular mandates that PoPs appoint independent external chartered accountants or audit firms meeting prescribed eligibility criteria to conduct audits covering a three-year period, with reports to be submitted once every three years within three months from the end of the relevant financial year. The first audit under the revised framework will cover the period from 1 April 2026 to 31 March 2027, with submission due after FY 2028-29. The audit scope includes internal controls, regulatory compliance, KYC/AML obligations, cyber security, grievance redressal, subscriber servicing, fund management, withdrawals, record maintenance, and compliance with PFRDA regulations and circulars. The Authority may arrange audits for PoPs failing to submit reports within prescribed timelines.
PENSION FUND REGULATORY AND DEVELOPMENT AUTHORITY
Circular No.: PFRDA/2026/38/SUP-POP/07 | Dated: 17th June 2026
To,
All Point of Presence (PoPs) performing activities of NPS-Lite (PoPs-NPS-Lite)
Subject: Audit of Points of Presence performing activities of NPS-Lite (PoPs-NPS-Lite)
1. PoPs registered under Regulation 3(1)(c) of Pension Fund Regulatory and Development Authority (Points of Presence) Regulations, 2018 and amendment thereof and performing activities of NPS-Lite (PoPs-NPS-Lite) shall ensure that the accounts and processes maintained under NPS-Lite are audited as per the provisions of Operational Guidelines issued vide Circular dated 27th February 2026 under PFRDA (PoP) Regulations, 2018 and amendment thereof and as per periodicity prescribed by the Authority by an independent external chartered accountant/audit firm. The eligibility norms for appointment of auditor by PoP is prescribed at Annexure 1.
2. PoPs-NPS Lite to submit the Audit Report (under the revised framework) once in every three (3) years (for all three years), within 3 months from the end of Financial Year (FY) or as specified by the Authority from time to time and the first such Audit Report (under the revised framework) shall be applicable from the period April 1, 2026 to March 31, 2027.
3. Further, PoPs shall submit their first Audit Report (under the revised framework) within three months from the end of FY 2028-29, provided that the Audit Report for FY 2025-26 has already been submitted.
4. The scope of such audit shall cover, inter-alia, the existence, scope, adequacy and efficacy of internal control system, procedures and safeguards, compliance with the provisions of the Pension Fund Regulatory and Development Authority Act, 2013, Pension Fund Regulatory and Development Authority (Points of Presence) Regulations, 2018 and amendment thereof and Guidelines/ Circulars/Notifications issued by the Authority, KYC requirements as per PMLA Act/Rules and data security in respect of the operations of such Point of Presence. The Broad Scope of Audit is listed at Annexure 2.
5. PoPs must maintain the books of accounts and records including electronic records and documents as stipulated in the Regulations/Guidelines/Circulars/Notifications issued by the Authority from time to time.
6. The Audit Report format along with Instructions is placed at Annexure 3.
7. The audit reports shall be reviewed by the Authority and appropriate course of action would be pursued in cases where reports are not as per the requirements.
8. In accordance with Regulation 27 of the Pension Fund Regulatory and Development Authority (Point of Presence) (Amendment) Regulations, 2026, the Authority may, at its discretion, arrange for the conduct of an audit of PoPs that fail to submit the Audit Report within the timelines prescribed under this circular.
9. PoPs-NPS-Lite are advised to ensure compliance with the above.
(Ashish Kumar)
Chief General Manager
Annexure 1
ELIGIBILITY NORMS FOR SELECTION OF AUDITOR
1. PoPs-NPS-Lite shall appoint the external auditor as per the list of auditors empaneled by any of the Financial Sector Regulator (FSRs) including PFRDA to conduct the audit for activities related to NPS-Lite. Further, the central/ state government department/ entities shall conduct the audit through the internal audit department or through the external auditor as per the list of auditors empaneled by any of the FSRs including PFRDA.
2. PoPs shall appoint the Auditor as per the eligibility criteria prescribed by the PFRDA, with the approval of the Audit Committee or the Board, wherever the Audit Committee is not present.
3. PoPs who are non-listed Government entities may engage the internal audit department or appoint Auditor as per the eligibility criteria prescribed by the PFRDA with the approval of Competent Authority.
4. Auditors shall be appointed for a tenure of three years.
5. Auditors will have a cooling period of two years in respect of the same POP. After completion of tenure of three years, audit entity should not accept any audit assignment of that POP during the next two years.
Annexure 2
SCOPE OF WORK OF AUDIT
NATIONAL PENSION SYSTEM — LITE (NPS-LITE)
Auditor appointed by the PoP shall conduct the Audit of the PoP for activities related to NPS-Lite. The Broad Scope of Work of Auditor is as under:
i. Collection and processing of initial contribution and subsequent contribution received from the subscribers.
ii. Compliance of KYC/AML/CFT guidelines dated 25th September 2025 (including all subsequent amendments) issued by the Authority.
iii. Uploading of Subscriber Contribution File (SCF) in CRA System and Transfer of Fund to Trustee Bank as per specified TATs.
iv. Maintenance of collection account by the PoP in accordance with provisions of PFRDA(PoP) Regulations 2018 and guidelines issued there under.
v. Reconciliation of subscriber’s contribution received by the PoP in the collection account and maintenance of audit trail for the same.
vi. Identification of unreconciled contribution amount which are pending for reconciled for more than seven years and recording the efforts taken by PoPs to reconcile such contribution amounts.
vii. Subscriber grievance handling by the POPs as prescribed under Redressal of Subscriber Grievance Regulations, 2015 (as amended) and circulars issued there under.
viii. Quality assurance of grievance resolution as per the provisions under Para F (5) & (6) of Operational Guidelines for PoPs.
ix. Receiving and processing service requests such as change in subscriber details, address, and Pension Fund Change, Inter-sector shifting, re-KYC, migration to NPS/APY etc. received from the subscribers in CRA system.
x. Receiving and processing of subscriber withdrawal/exit request with in timelines laid down in the Operational Guidelines, including death related cases.
xi. Adherence to the timeframe laid down under the guidelines issued by PFRDA.
xii. Payment of compensation by PoP for delayed activities as per laid down in extant Regulations and guidelines.
xiii. Charges collected by the PoPs and to check the limits, mode and manner of collection as laid down by PFRDA.
xiv. Maintenance of Books of Accounts by the PoPs.
xv. Verification of Compliance report submitted by PoPs to PFRDA.
xvi. The auditor shall verify the status of open observations from the inspection conducted by PFRDA during the last three financial years to ensure their closure. If any observations remain unresolved, the auditor shall report them to the management of PoP for appropriate action and closure.
xvii. Compliance with the circulars/ guidelines/ notifications/instructions issued by PFRDA and/ or any other Statutes.
xviii. Adherence to the requirement under Information and Cyber Security Policy Guidelines issued by PFRDA.
xix. Appointment and discharge of responsibilities of Compliance Officer, Designated Director and Principal Officer.
xx. Verification of fraud prevention and risk mitigation measures implemented by PoP.
xxi. Any other activity under the relevant regulations/circulars/ guidelines/ notifications/instructions issued by PFRDA.
Note: The scope as specified above is only indicative and not exhaustive
Annexure 3
FORMAT OF AUDIT REPORT
(To be furnished on the letter head of the Audit Firm)
CERTIFICATE FOR AUDIT
We have examined the relevant books of accounts, records and documents maintained by M/s______________________________________________ , (name of the Point of Presence (PoP)) bearing Pension Fund Regulatory and Development Authority (PFRDA) Registration Number _________________________ under NPS-Lite and to fulfill the audit requirement, as prescribed by Pension Fund Regulatory and Development Authority (Points of Presence) Regulations, 2018 (as amended) and Guidelines issued there under, for the financial year_____
The purpose of this audit is to examine that the processes, procedures followed and the operations carried out by the Point of Presence (including the operations by its facilitators/Business Correspondents/any other service provider permitted by the PFRDA from time to time) are as per the applicable Acts, Rules, Regulations, By-laws prescribed by the Authority and Guidelines, Circulars, Notifications etc. issued thereunder.
We have obtained all the information and explanations, and examined the relevant books which to the best of our knowledge and belief, were necessary for the purpose of this Audit. In our opinion, proper books of accounts, records and documents, as per the regulatory requirement ……………………. (have/have not) been maintained by the PoP-NPS-Lite.
Based on examination of the processes, procedures followed and the operations carried out by the Point of Presence, to the best of our knowledge and belief and according to the information and explanations given to us, we certify that the Point of Presence …………………………….. (has/does not have) adequate internal control for ensuring orderly and efficient conduct of its business, including adherence to Acts, Rules, Regulations, By-laws prescribed by the Authority and Guidelines, Circulars, Notifications etc. issued thereunder, safeguarding the subscribers interest, prevention and detection of frauds and errors, accuracy and completeness of the books of accounts, records and documents.
We have conducted the audit within the framework provided by the Authority for the purpose of this Audit. To the best of our knowledge and belief and according to the information and explanations given to us, material fraud/non-compliance/misrepresentation/violation by the Point of
Presence…………………….. (is/is not) observed during the course of this audit.
Based on the scrutiny of relevant books of accounts, records and documents, we certify that the Point of Presence …………………….. .(has/has not) complied with the relevant provisions of Pension Fund
Regulatory and Development Authority Act, 2013, and Pension Fund Regulatory and Development Authority (Points of Presence) Regulations, 2018 (Chapter IV, Regulations 23-28) and various guidelines and circulars of the Authority.
We declare that we do not have any direct / indirect interest in or relationship with the Point of Presence or its shareholders / directors / partners / proprietors / management and also confirm that we do not perceive any conflict of interest in such relationship / interest while conducting audit of the said PoP-NPS-Lite.
In our opinion and to the best of our knowledge based on information provided and according to the explanations given to us by the management/compliance officer, the Report provided by us (along with Enclosure -1 and Enclosure – 2) and subject to our observations, which covers the entire scope of the audit, is true and correct.
Name of Chartered Accountant along with seal & signature:
Name of the Proprietor / Partner:
Membership no. / CP. No.:
UDIN No.:
Date:
Place:
INSTRUCTIONS
These instructions are only indicative in nature and not exhaustive. These have been prepared based on the regulatory/supervisory requirement (as per relevant Acts, rules, regulations and circulars) which keep evolving from time to time. The auditors should peruse them and report other irregularities, if observed while conducting audit.
A. Instructions to both Auditor and PoP:
a) The copy of audit report should be submitted to PFRDA by PoP as per the report format specified above.
B. Instructions to Auditor:
a) The auditors should clearly indicate ‘Yes’ indicating Compliance, ‘No’ indicating Non-compliance and ‘NA’ wherever ‘Not Applicable’.
b) Sample size indicated in the format of the above Audit Report is minimum sample size. Auditor may determine the optimum sample so as to be able to satisfy himself/ herself about the objectives of the audit. The indicative sample size for relevant category, as applicable to the PoP (as detailed in Enclosure – 1) shall be taken by the auditor.
c) Auditor shall specifically declare about direct / indirect interest in or relationship with the Point of Presence or its shareholders / directors / partners / proprietors/ management if any and also confirm that they do not perceive any conflict of interest in such relationship / interest while conducting audit of the said Point of Presence.
d) In case any violations/qualifications/observations are observed by the auditor the same shall be submitted as annexure with complete details and should be quantified specifying the number of instances, value etc. and the evidences should be enclosed with the Audit Report.
e) Membership number allotted by the affiliated professional body should be quoted at the bottom of the report as provided in the format of the Audit Report.
f) Each page of the report shall be signed and stamped by the auditor/ e-signed.
C. Instructions to PoP:
a) In case of any non-compliances/findings/observations/adverse remarks are made by the auditor, management remarks should be given against such point(s) by the PoP.
b) PoP to mention the date on which the audit report has been presented to the Board/Management/Audit Committee for their approval and indicate corrective and preventive actions taken by the management for addressing the deficiencies along with the timeliness of when the agreed suggestions would be implemented.
c) Improvements brought about in the operations between the last audit and the current audit shall be submitted.
Note: In case audit report submitted is incomplete and not as per the guidelines viz sample size not given, only certificate submitted without report etc, same would be treated as non-submission of audit report. The Authority reserves the right to direct a Point of Presence to either get the audit redone for completing the set audit process and format or change its auditor if quality of the report is not satisfactory or the audit is not carried out as per guidelines.
D. Process flow for submission of Audit Report:
a) Auditor to submit the first draft of the Audit report as per the prescribed format to PoP seeking management remarks.
b) PoP to submit the Audit Report with management remarks to the Auditors within the specified timeline (in the absence of non-submission of management remarks by PoPs within timelines, it will be considered as `PoP has no remarks to offer’)
c) Post-processing of management remarks by the Auditor by way of clearly indicating its view/comments/observation on management remarks submitted by PoP, the auditor to submit the report to PoP and in turn, PoP to submit the final audit report to Board /Audit Committee under copy to PFRDA. PoP to also submit the Board/Audit Committee observations on the Auditor Certificate to PFRDA, if any.
E. Indicative processes/guidance for verification of respective areas:
1. Subscriber registration and documentation/PML/AML Compliance
a) Checks and balances for Know Your Customer (KYC)/Customer Due-Diligence in accordance with PML Act/Rules.
b) Procedure followed by the POP for informing the PRAN and other details to the subscribers & uploading to the CRA system of such data and transfer of clear funds to the Trustee bank.
2. NPS Lite Subscriber Service Request management and risk management systems
a) Procedure adopted for receipt of request for services from subscribers
b) Mechanism for order management and execution of subscriber requests for service.
c) Procedure adopted for providing online platform for NPS Lite account and operations facility
d) Procedure followed for allotting of user id and password, change of password etc.
e) Internal controls for online NPS Lite account access and usage.
f) Process walk through and verification of procedure adopted for implementation of internal code of conduct and internal controls to prevent violation of guidelines or Service level standards stipulated for various activities under NPS Lite.
3. Dealing with subscribers’ funds
a) Verification of internal controls adopted by the PoP while accepting banker’s cheque / demand draft from subscribers
b) Procedure for ensuring that receipts and payment of funds are from/to respective subscriber only
c) Verification of following books of accounts/records
i. Register of contributions received (cheques, DDs and Cash or online transactions)
ii. Register of transaction history done by the Point of Presence upon requests from NPS Lite subscribers.
iii. Bank Statements
iv. CRA related transaction books/accounts maintained by Point of Presence (PoP)
v. Cash Book
vi. Bank Book
All such registers should at least contain information on about Name of the subscriber, PRAN, date of receipt of contribution/ subscriber request ,contribution amount, branch name, date of depositing the contribution amount under NPS Lite into the NPS Lite Collection account of the PoP, date of SCF upload, date of fund remittance, date of uploading the service related requests including exit/withdrawal request into the CRA system, date of authorization by the PoP or any other additional parameter as may be considered by the PoP for maintenance of proper audit trail at the level of the PoP.
4. Banking and NPS Lite account operations
a) Procedure for segregation of own and NPS Lite subscribers’ funds and instruments (in separate accounts)
b) Internal controls for use of subscriber bank and subscriber NPS Lite accounts only for authorized purpose.
5. Management of branches of PoP / facilitators and internal control
a) System and Policy followed for opening / closing of branch Procedure adopted to inform the same to subscribers.
b) Periodicity and procedure adopted for inspection of branches / facilitators (if any).
c) Reporting mechanism and mode of informing the inspection observations to branches / facilitators and follow up action plan.
d) Policy of fixing of roles and responsibilities of officials in head office, branches and facilitators.
e) Documentation of Internal controls and Comments on Internal controls in place.
6. Subscriber grievance handling
a) Mechanism to monitor complaints lodged with branches / facilitators and entry of the same in CGMS system of CRA.
b) Mechanism to monitor complaints lodged in CGMS in CRA against POP. Maintenance of complaints register.
c) Redressal mechanism for complaints registered against the POP Verification of subscriber grievance register and email id
d) Internal control for verification of complaints received through the designated email —id
7. Maintenance of Books of Accounts
As prescribed under extant regulations of Pension Fund Regulatory and Development Authority (Points of Presence) Regulations, 2018 and amendment thereof, books of accounts, registers and records to be maintained, with the required details and for the stipulated period as per regulatory/supervisory requirement. All such records can be maintained electronically in retrievable mode (as and when required), however physical copies of relevant documents are to be maintained by concerned office.
F. References:
Please refer following website for more information:
a) https://www.pfrda.org.in
b) https://npstrust.org.in
c) https://cra.nps-proteantech.in/CRA
d) https://cra.kfintech.in
e) https://www.camsnps.in
