Audit of Foreign Subsidiaries for Annual Performance Report under FEMA

Audit of Foreign Subsidiaries for Annual Performance Report (APR) under FEMA – A Technical Analysis of Regulation 22(2)(a), Host- Country GAAS, and AD Bank Acceptance Standards

1. Introduction

The Annual Performance Report (APR) under the Foreign Exchange Management (Overseas Investment) Regulations, 2022 (“OI Regulations” or “FEMA 400”) is widely understood as a compliance filing obligation. What is less well understood — and the source of most AD Bank rejections, compounding proceedings, and practical impasses — is the audit obligation embedded within it.

Rule 23 of the Foreign Exchange Management (Overseas Investment) Rules, 2022 (“OI Rules”) read with Regulation 22(2)(a) of FEMA 400 and Annex II of the RBI Master Direction on Direct Investment by Residents in Overseas Entities (FED Master Direction No. 15/2024-25 dated July 24, 2024) creates a mandatory obligation to submit an APR backed by audited financial statements of the foreign entity — not audited financials of the Indian parent, not management accounts, and not statements certified by the Indian statutory auditor when control exists.

This article examines the precise legal basis of the audit requirement, the distinction between situations where host-country auditors are mandatory versus where Indian CAs may certify, the applicable audit standards jurisdiction-by-jurisdiction, and the practical documentation standards that Authorised Dealer (AD) Banks currently apply at the point of APR acceptance.

2. Legal Framework — The Three-Layer Audit Obligation

The audit requirement for APR does not arise from a single provision. It operates across three instruments read together:

Layer 1 — The OI Rules, 2022 (Rule 23)

Rule 23 of the OI Rules prescribes the form, content, and timing of the APR. It mandates annual filing with the AD Bank for each foreign entity in which ODI is held. The Rule references the OI Regulations for the specific content requirements of the APR.

Layer 2 — OI Regulations, 2022 (Regulation 22(2)(a), FEMA 400) 

Regulation 22(2)(a) states explicitly:

“The APR shall be based on the audited financial statements of the foreign entity.”

The proviso to this regulation carves out an exception:

“Provided that where the person resident in India does not have ‘control’ in the foreign entity and the laws of the host jurisdiction do not provide for mandatory auditing of the books of accounts, the APR may be submitted based on unaudited financial statements certified as such by the statutory auditor of the Indian entity or by a Chartered Accountant where the statutory audit is not applicable, including in case of resident individuals.”

This proviso is conjunctive — both conditions must be satisfied for the exception to apply:

(i) absence of control, and (ii) host-country law does not mandate audit. If either condition fails, audited financials are mandatory.

Layer 3 — RBI Master Direction (Annex II, Para 3)

The Master Direction (FED Master Direction No. 15/2024-25) operationalises the above through Annex II, which sets out the APR format and content requirements. Para 3 of Annex II reiterates the audit condition and specifies that the financial statements must be accompanied by the auditor’s report.

Practical consequence: An Indian company holding 51% equity in a US LLC (control exists) must file APR based on audited financial statements of that LLC — even if the LLC is pre-revenue, even if US federal law does not mandate an audit of an LLC, and even if the LLC has never been audited before. The host-country exemption does not apply because control exists.

3. The “Control” Determination — More Nuanced Than 10% Equity

A common misreading of the OI framework conflates the ODI threshold (10% equity with control) with the audit trigger. The audit trigger under Regulation 22(2)(a) is specifically tied to control, not to the percentage of equity holding alone.

“Control” is defined under the OI Rules to mean the right to appoint a majority of directors or to control the management or policy decisions of a foreign entity, exercisable by a person or persons acting individually or in concert, directly or indirectly, including by virtue of shareholding, management rights, shareholders’ agreements or voting Agreements.

Scenarios with implications:

Equity Held Control? Audit Required?

10% or more, board

majority

Yes Yes — audited FS mandatory

10% or more, no board control

No Only if host country mandates

Less than 10%, passive No APR itself not required (see Rule 23 exemption)

10% exactly, tied voting Fact-specific Seek legal opinion

51% held through step-down

Yes (indirect) Yes — audited FS mandatory

The step-down subsidiary (SDS) angle deserves particular attention. Where an Indian company holds 100% of a US holding company, which in turn holds 60% of a UK operating subsidiary, the APR obligation technically extends to both the US entity and the UK operating entity. Each requires separate audited financial statements from auditors qualified in the respective jurisdictions.

4. The Central Question: Can an Indian CA Conduct the Overseas Audit?

This is the most contested practical issue and the point at which most AD Banks currently raise objections.

4.1 The Regulatory Position

The OI Regulations do not expressly prescribe that the auditor of the foreign entity must be a locally licensed auditor in the host country. Regulation 22(2)(a) requires “audited financial statements” but is silent on who must conduct the audit.

However, the proviso creates an implicit standard. By allowing Indian CA certification only when host-country audit is not mandatory and control is absent, the regulations implicitly treat the mandatory-audit scenario as requiring compliance with host-country standards — which, in practice, means a locally authorised auditor.

4.2 The SA 800 Question

Some Indian CAs have taken the position that a special-purpose audit of the foreign entity’s financial statements can be conducted under ICAI’s SA 800 (Special Purpose Audit Engagements) for APR/FEMA regulatory purposes, even where the host country mandates a statutory audit.

This position is legally and practically untenable for the following reasons:

First, SA 800 governs the conduct of the audit by the ICAI member in India. It does not confer legal authority to audit a foreign entity. In jurisdictions like the United States, only a CPA licensed under the relevant State Board of Accountancy is legally permitted to issue an audit opinion on financial statements. An Indian CA issuing an audit opinion on a Delaware C-Corp’s financial statements would be acting outside their licensed jurisdiction — irrespective of what SA 800 says about the format of the engagement.

Second, AD Banks at the FIRMS portal level have increasingly required the audit report to confirm that the auditor is authorised under host-country law. A TaxTMI forum query from December 2025 records a scheduled private bank requiring the following statement in the  audit report’s Other Matters paragraph: “We are allowed to audit the foreign entity as per host country regulations and the audit of the foreign entity has been conducted as per host country regulations.” An Indian CA conducting an SA 800 audit cannot truthfully make this statement when the host country mandates a licensed local auditor.

Third, ICAI’s own Code of Ethics prohibits a member from making misleading or unsupported claims. Certifying compliance with host-country audit standards without being licensed under those standards would expose the Indian CA to disciplinary Proceedings.

4.3 When Can an Indian CA Certify Without a Host-Country Auditor?

The regulatory position permits Indian CA certification in the following scenario:

The Indian investor does not have control in the foreign entity; AND The laws of the host jurisdiction do not provide for mandatory auditing of the foreign entity’s books.

Classic examples where this carve-out legitimately applies: – A minority stake (say 15%) without board control in a US LLC, where federal law does not mandate audit of LLCs – A 20% holding without control in a Singapore Pte. Ltd. where the entity qualifies as an “exempt private company” under the Companies Act 1967 and is below the threshold for mandatory audit – A passive holding in a UK LLP where the entity is below the audit threshold under the Companies Act 2006.

In these cases, the Indian statutory auditor (or CA where statutory audit is inapplicable) may certify the unaudited financial statements. The certificate should explicitly state: (a) that the person resident in India does not have control in the foreign entity; (b) that the laws of the host jurisdiction do not require mandatory audit for this entity (with the specific exemption provision cited); and (c) that the statements have been verified and certified as presented.

5. Jurisdiction- Specific Audit Standards and Auditor Qualification Requirements When host-country audit is mandatory (or when the Indian investor holds control irrespective of host mandate), the following auditor qualification standards apply:

5.1 United States — US GAAP / PCAOB / AICPA Standards

Applicable GAAP: US GAAP under ASC (FASB Accounting Standards Codification) Applicable Auditing Standards: – For private companies not required to file with SEC:

Generally Accepted Auditing Standards (GAAS) as issued by the Auditing Standards Board (ASB) of the AICPA – For SEC registrants or broker-dealers: PCAOB Standards Auditor qualification: A Certified Public Accountant (CPA) licensed by a State Board of Accountancy and, where applicable, registered with PCAOB. AICPA membership and peer review compliance is standard for firms performing audits of private companies.

Entity-type nuances: – Delaware C-Corporation or S-Corporation: US GAAP mandatory; AICPA GAAS audit; CPA sign-off required – LLC taxed as partnership: US GAAP or other comprehensive basis of accounting; LLC operating agreements often do not mandate audit; however, if Indian parent has control, audit is still required under FEMA 400 — this audit must be conducted under AICPA standards by a licensed CPA – LLC treated as disregarded entity (single member): No separate financial statements required under US federal law, but FEMA APR still requires standalone audited financials of the LLC as a legal entity — a common practical gap  Currency: Financial statements in USD; currency translation to INR at RBI reference rates on the date of the balance sheet (or average rate for income statement items where applicable) must be added to the audit dossier.

5.2 United Kingdom — UK GAAP / FRS 102 / ISAs (UK)

Applicable GAAP: – FRS 102 (The Financial Reporting Standard applicable in the UK and Republic of Ireland) for most companies – FRS 105 for micro-entities (turnover below £632,000, balance sheet below £316,000, 10 or fewer employees — all three thresholds must be met)

Applicable Auditing Standards: International Standards on Auditing (UK) issued by the Financial Reporting Council (FRC)

Auditor qualification: A Registered Auditor under Part 42 of the Companies Act 2006, which requires membership of a Recognised Supervisory Body (RSB) — in practice, ICAEW, ACCA, or ICAS. An ICAEW or ACCA member who does not hold a Practising Certificate with audit registration cannot sign audit opinions in the UK. 

Mandatory audit threshold: Under the Companies Act 2006, a UK private limited company is exempt from statutory audit if it qualifies as “small” (satisfying at least two of:

turnover ≤ £10.2m, balance sheet ≤ £5.1m, employees ≤ 50). However, this exemption does not disapply the FEMA audit obligation. If the Indian investor has control, audited financial statements are required regardless of the UK statutory audit exemption.

Practical consequence: Many Indian-owned UK subsidiaries are below the Companies Act 2006 audit threshold and have never had a statutory audit. For APR purposes, if the Indian parent has control, a non-statutory audit under FRS 102 / ISAs (UK) by a UK Registered Auditor must be commissioned — often for the first time in the entity’s life.

5.3 Singapore — SFRS / SSAs

Applicable GAAP: Singapore Financial Reporting Standards (SFRS), which substantially converge with IFRS

Applicable Auditing Standards: Singapore Standards on Auditing (SSAs), issued by the Institute of Singapore Chartered Accountants (ISCA) and ACRA  Auditor qualification: A Public Accountant registered with ACRA under the Accountants

Act. ISCA membership alone is not sufficient — ACRA registration as a Public Accountant or an Approved Accounting Entity is required.

Mandatory audit threshold: Singapore private companies are exempt from statutory audit if they qualify as “small companies” (annual revenue ≤ SGD 10m, total assets ≤ SGD 10m, no more than 50 employees — two of three thresholds). Same position as UK applies: FEMA 400 audit requirement is independent of the Singapore small company exemption when the Indian investor has control.

5.4 Other Jurisdictions — Applicable Standards

Jurisdiction GAAP Audit Standards Auditor Body UAE / DIFC IFRS ISAs Registered UAE Auditor (MOE)

Canada ASPE or IFRS CASs (CPAB oversight for public)

CPA Canada member Australia AASB (IFRS-aligned) ASAs CA ANZ or CPA

Australia

Netherlands Dutch GAAP / IFRS Dutch Standards

(NV COS)

NBA registered RA

Mauritius IFRS ISAs MIA registered auditor

6. What the APR Audit Dossier Must Contain — AD Bank Acceptance Checklist

There is no RBI-prescribed format for the overseas auditor’s report. However, based on AD Bank practice (particularly private sector banks which apply stricter scrutiny at the FIRMS portal stage), the following documentation is expected:

6.1 Auditor’s Report Components

The audit report from the host-country auditor should contain:

1. Addressee: Typically addressed to the members/shareholders of the foreign entity, or to the management of the foreign entity

2. Opinion paragraph: Unqualified (or modified, with explanation) opinion that the financial statements present a true and fair view / are fairly presented in all material respects in accordance with [applicable GAAP]

3. Basis for opinion: Confirming the audit was conducted in accordance with [AICPA GAAS / ISAs (UK) / SSAs, as applicable]

4. Key Audit Matters (KAM): Required under ISAs for public interest entities; optional for private companies but increasingly expected by sophisticated AD Banks for larger entities

5. Other Matters paragraph: Should confirm that the auditor is licensed under host- country law to conduct this audit

6. Signature block: Name of the engagement partner, license/registration number, firm name, firm registration number, date, and location.

6.2 Financial Statements

Balance Sheet / Statement of Financial Position (as at the foreign entity’s year-end)

Statement of Profit & Loss / Income Statement

Cash Flow Statement (direct or indirect method per host-country GAAP)

Statement of Changes in Equity

Notes to Financial Statements (including related party transactions, contingent

liabilities, going concern disclosures)

Currency translation note: INR equivalent of each line item at RBI reference rate as

at balance sheet date

6.3 Form APR (previously Form ODI Part II)

The Form APR (as prescribed under the revised reporting framework post the OI Rules 2022) captures: – UIN (Unique Identification Number) of the ODI – Foreign entity details — name, country, date of incorporation, activity – Financial data — net worth, profit/loss, dividends declared and repatriated, loans outstanding – Share capital changes during the year – SDS investments if any – Declaration by authorised signatory of the Indian entity 6.4 Indian Parent CA Certificate.

Where the Indian investor has control and a host-country auditor has been engaged, the Indian statutory auditor must additionally certify that: – All amounts receivable from the foreign entity (dividends, interest, royalties) have been repatriated within 90 days of the due date – The financial commitment (FC) outstanding does not exceed 400% of the Indian entity’s net worth as at the last audited balance sheet This certificate is separate from the overseas audit report and is a requirement at the AD Bank level.

7. Financial Year Mismatch — A Frequently Ignored Complication

The APR is required to be submitted by December 31 each year. A common misunderstanding is that the APR covers the Indian financial year (April 1 to March 31). It does not.

The APR covers the foreign entity’s financial year that ended most recently before the December 31 filing date. If the US subsidiary has a calendar year-end (December 31), the APR due by December 31, 2025 should be based on audited financial statements for the year ended December 31, 2024. If the US subsidiary has a June 30 year-end, the APR due December 31, 2025 would be based on audited financial statements for the year ended June 30, 2025.

Consequence of misalignment: Indian companies often incorrectly direct their overseas accountants to prepare financial statements for the Indian financial year (April–March) for APR purposes. This results in financial statements that are not aligned with the foreign entity’s actual accounting records, statutory obligations, and host-country GAAP requirements — and creates a parallel set of accounts not anchored to any host-country filing, which some AD Banks flag.

The correct approach is to obtain audited financial statements for the foreign entity’s own financial year. If that year-end falls less than 90–120 days before December 31 (e.g., a September 30 year-end), the timeline for commissioning and completing the audit is extremely tight and requires engagement of the overseas auditor no later than October of the relevant year.

8. Back-Year APR Defaults — Regularisation and Retroactive Audit

Where an Indian party has missed APR filings for one or more years, the path to regularisation requires:

Step 1 — Retroactive Audit for Each Missed Year

The overseas subsidiary’s financial statements for each missed year must be audited. There is no RBI provision for substituting certification by the Indian CA for missed years where control exists. Each year’s audit must be conducted by the host-country auditor under the applicable standards, producing a stand-alone audited financial statement for that year.

Step 2 — Late Submission Fee (LSF)

Under the OI Regulations, an LSF of ₹7,500 per return applies for delayed APR filing. The LSF is calculated per APR (i.e., per foreign entity, per year). For an Indian company with three overseas subsidiaries and three years of defaults, the LSF exposure is ₹7,500 × 3 × 3 = ₹67,500, which is nominal compared to the cost of compounding.

Step 3 — FEMA Compounding (Where Applicable)

Where the default is more than a technical delay (e.g., the Indian party also made further ODI or financial commitments while APRs were pending), the matter may need to be compounded under Section 15 of FEMA read with the Compounding Rules. The RBI Enforcement Department has taken a stricter view of APR defaults post the 2022 OI Rules — particularly where step-down subsidiary creation occurred without APR compliance for the parent entity.

Step 4 — AD Bank Clearance

Once all back-year APRs are filed with LSF, the AD Bank should issue a formal acknowledgement and restore the ability to make outward remittances and new ODI.

9. Step-Down Subsidiaries (SDS) — A Separate APR Obligation

A point that is consistently overlooked: the creation of a step-down subsidiary (a foreign entity held by the Indian party’s first-level foreign entity) also triggers an APR obligation — not at the level of the SDS itself, but through disclosure in the APR of the first-level foreign Entity.

Under Annex II of the Master Direction, the APR of the first-level foreign entity must disclose all SDS investments — acquisitions, disposals, changes in shareholding pattern — during the year. Where the SDS has itself made investments in further entities, each layer requires disclosure. 

Additionally, where the Indian entity directly holds equity in the SDS (creating a direct ODI link), a separate APR obligation arises for the SDS as well.

For Indian companies with multi-jurisdictional structures (e.g., a Singapore holding company that owns a UK operating subsidiary and a US technology company), the APR burden multiplies accordingly: separate audits of the Singapore entity, the UK entity, and the US entity — each under the applicable host-country standards — and separate Form APR submissions for each through the AD Bank.

10. Common AD Bank Rejection Points and How to Pre-empt Them

Based on documented AD Bank scrutiny patterns, the following are the most frequent grounds for APR rejection at the FIRMS portal upload stage:

10.1 Audit Report Signed by Indian CA Without Proper Basis

Where the host country mandates audit and control exists, an audit report signed solely by an Indian CA (even under SA 800) will typically not be accepted. The AD Bank’s compliance team will flag the auditor’s credentials as insufficient.

Pre-emption: Ensure the audit report carries the name, license number, and registration details of the host-country licensed auditor. For US engagements, the CPA’s state license number and AICPA membership reference should appear on the report.

10.2 Financial Statements Not Prepared Under Host-Country GAAP

Statements prepared under Indian GAAP (Ind AS) or IFRS without reference to the host- country standards will raise flags — particularly for US entities, where the divergence between US GAAP and IFRS/Ind AS is significant (revenue recognition, lease accounting, financial instruments).

Pre-emption: The auditor’s report must explicitly reference the applicable host-country GAAP (e.g., “accounting principles generally accepted in the United States of America” or “FRS 102 as applicable in the United Kingdom”).

10.3 Currency Translation Missing

RBI requires that the APR data be reported in INR. Many overseas auditors provide financial statements only in the local currency without the required INR translation at RBI reference rates.

Pre-emption: Add a separate currency translation note or schedule to the audit dossier showing the exchange rate used, the source (RBI reference rate as published on the FBIL website), and the INR equivalent of each major line item.

10.4 UIN Mismatch

The UIN (13-digit alphanumeric identifier issued by RBI for each ODI) must match across the Form APR, the FIRMS portal records, and the investment details in the audit dossier.

Any discrepancy — arising from prior reporting errors or failure to update the UIN after restructuring — will cause rejection.

Pre-emption: Pull the UIN from FIRMS before commissioning the audit. Verify it matches the entity name, country, date of incorporation, and nature of investment as recorded in FIRMS. Raise an update request with the AD Bank before filing if any discrepancy is found.

10.5 Form APR Fields Inconsistent with Audited Financials

Net worth, profit/loss, dividend amounts, and financial commitment figures in Form APR must precisely match the audited financial statements. Any rounding difference or currency conversion inconsistency between what the Indian parent reports in Form APR and what the overseas auditor reports in the financial statements will cause FIRMS to flag the submission.

Pre-emption: Have the Indian parent’s CA reconcile every financial figure in Form APR to the audited financial statements line by line before submission.

11. Repatriation Certificate — The Obligation That Travels with the APR

Under Regulation 18 of FEMA 400, a person resident in India having ODI in a foreign entity is required to repatriate to India all dues receivable from the foreign entity (dividends, interest on loans, royalties, management fees) within 90 days of the due date.

The Indian statutory auditor must certify, as part of the APR submission, that all such repatriation has occurred. This certificate is not part of the overseas audit report — it is a separate certificate issued by the Indian statutory auditor based on examination of the Indian parent’s records.

Where repatriation has not occurred (for legitimate reasons — regulatory restrictions in the host country, dispute, reinvestment approval under the 50% ploughback rule, etc.), the reasons must be documented and the AD Bank informed. Silent non-repatriation accompanied by an APR filing is a FEMA violation separate from the APR default itself.

12. Conclusion

The audit requirement embedded in FEMA’s APR framework is substantive, jurisdiction- specific, and significantly more demanding than a routine Indian CA certification exercise.

The 2022 OI Regulations have sharpened this obligation by tying the mandatory audit requirement explicitly to control, removing the previous ambiguity.

The key points for compliance professionals advising Indian entities with overseas investments are:

The audit trigger is control, not just 10% equity holding Where control exists, host-country audited financial statements are mandatory regardless of whether the host country’s domestic law mandates a statutory audit The host-country auditor must be licensed under host-country law — an Indian CA cannot substitute this for entities subject to mandatory audit.

For entities qualifying under the no-control and no-mandatory-host-audit exception, Indian CA certification remains valid but must explicitly confirm both conditions Multi-entity structures require separate audits per entity, per jurisdiction, per year AD Bank acceptance of the APR dossier is the practical compliance test — and AD Banks are increasingly applying stricter scrutiny than the minimum regulatory requirements suggest.

Back-year defaults require retroactive audit, not just late filing — each missed year must be properly audited.

Indian companies expanding globally should plan for the overseas audit as a scheduled annual exercise — commissioning the host-country auditor no later than October each year to ensure the December 31 deadline is met without compromise on audit quality.

References

1. Foreign Exchange Management (Overseas Investment) Rules, 2022 — Rule 23 [G.S.R. 646(E) dated August 22, 2022]

2. Foreign Exchange Management (Overseas Investment) Regulations, 2022 (FEMA 400) — Regulation 22(2)(a) [FEMA 400/2022-RB dated August 22, 2022]

3. RBI Master Direction — Direct Investment by Residents in Overseas Entities (FED Master Direction No. 15/2024-25 dated July 24, 2024) — Annex II

4. ICAI Standards on Auditing — SA 800 (Special Purpose Audit Engagements)

5. AICPA Generally Accepted Auditing Standards (GAAS) — AU-C Section 800

6. Financial Reporting Council — ISAs (UK) — FRC

7. ACRA — Singapore Standards on Auditing (SSAs)

8. Companies Act 2006 (UK) — Part 42 (Statutory Auditors)

9. Accountants Act 1987 (Singapore) — Public Accountant Registration

10. For a practical illustration of the end-to-end APR audit process across US, UK, and Singapore subsidiaries, including the AD Bank dossier structure, refer to: Accorp Partners — APR Audit of Overseas Subsidiaries

*******

The author is a practising CA/CPA with experience in FEMA/ODI compliance and cross-border audit engagements. Views expressed are personal and based on the regulatory framework as in force. Readers are advised to seek specific professional