International Financial Services Centres Authority (IFSCA) : Risk Management and Supervision

As GIFT City continues its rapid ascent as a premier global financial hub, the International Financial Services Centres Authority (IFSCA) is setting new benchmarks in regulatory excellence.

Operating at the intersection of innovation and stability, the IFSCA’s framework for Risk Management and Supervision is the "Master Key" that ensures sustainable growth. Here’s why it matters for the 2026 financial landscape

Risk Management Framework

IFSCA requires all regulated entities to maintain robust risk management frameworks. Key components:

For Banking Entities (IBUs)

• Credit Risk: Internal credit rating frameworks, exposure limits per counterparty, sector concentration limits

• Market Risk: Value-at-Risk (VaR) models, stress testing under IFSCA-specified scenarios

• Liquidity Risk: Liquidity Coverage Ratio (LCR) monitoring, contingency funding plans

• Operational Risk: Business Continuity Plans (BCP), disaster recovery testing at least annually

For Fund Management Entities

• Investment Risk: Portfolio concentration limits, due diligence frameworks for investee companies

• Counterparty Risk: Custodian risk, broker credit limits

• Valuation Risk: Independent valuation of unlisted assets at least quarterly

Cybersecurity Requirements

IFSCA issued a Cyber Security and Cyber Resilience Framework applicable to all regulated entities. Key requirements:

• Board-level cybersecurity policy — updated at least annually

• Designation of Chief Information Security Officer (CISO) for entities above specified thresholds

• Vulnerability Assessment and Penetration Testing (VAPT) — at least annually by a CERT-In empanelled auditor

• Incident reporting to IFSCA within 6 hours of discovery of a material cyber incident

• Data localization: Critical data of IFSC entities to be stored in India (CERT-In norms apply)

• Multi-factor authentication (MFA) mandatory for all critical systems access

Stress Testing

IFSCA conducts both firm-level (micro-prudential) and system-level (macro-prudential) stress tests:

• Annual stress test: All IBUs and FMEs above specified size must submit stress test results

• Scenarios: IFSCA specifies macro scenarios (exchange rate shocks, interest rate spikes, market crashes)

• Results reviewed by IFSCA's supervisory team; entities with inadequate capital buffers face remedial action

Dispute Resolution

IFSCA provides a structured dispute resolution mechanism:

Internal Grievance Redressal

• All regulated entities must have a designated Grievance Redressal Officer

• Response to client complaints within 14 days

• Escalation to IFSCA's grievance portal if unresolved

IFSCA-Level Resolution

• Complaints can be filed directly with IFSCA via its online portal

• IFSCA may issue directions to the regulated entity for resolution

• Mediation: IFSCA facilitates mediation before adjudication for eligible disputes

Appellate Mechanism

• Orders of IFSCA can be appealed to the Securities Appellate Tribunal (SAT)

• Further appeals lie to the High Court and Supreme Court of India

• IFSCA Act also allows for arbitration in international arbitration centres (GIFT City has its own arbitration centre)

Supervisory Review Process

IFSCA follows a risk-based supervision model:

• Entities are classified by risk profile: High, Medium, Low

• High-risk entities face annual on-site inspections; medium-risk biennial; low-risk periodic off-site reviews

• Off-site monitoring: IFSCA's supervisory technology platform monitors regulatory returns in real time

• Thematic reviews: IFSCA periodically conducts industry-wide reviews on specific topics (e.g., AML practices, cybersecurity)

#GIFT-IFSC #IFSCA #RiskManagement #FinancialRegulation #GIFTCity #Banking #FinTech #GlobalFinance #InvestmentBanking #IndiaGrowth