Compliance is a feature,
not a constraint.
We built SquareNow to operate inside Indian regulation, comfortably. RBI DLG, SRO under FACE, scale-based regulation, NBFC-MFI rules, Section 8 — pre-built into the product, not bolted on.
Eight regulatory frames.
One platform.
RBI DLG
Disclosures, consent capture and audit trail compliant with the Sept 2022 Digital Lending Guidelines and subsequent updates.
SRO under FACE
Pre-built disclosures and reporting for Self-Regulatory Organisation obligations.
Scale-based regulation
Pre-built reports for Base, Middle, Upper and Top Layer NBFCs.
NBFC-MFI
Qualifying-asset ratio reporting, household indebtedness checks, JLG / group lending workflows.
Section 8 lenders
Companies Act overlay built in. Compliance with the not-for-profit lending framework.
Data localisation
Customer data hosted in AWS Mumbai (ap-south-1). Tenant-isolated, encrypted at rest.
SOC 2 Type 2
In process for 2026. Detailed security pack shared on request under NDA.
ISO 27001
In process for 2026. Quarterly third-party pen-testing reports available on request.
The Digital Lending Guidelines,
line by line.
Every DLG obligation, mapped to where it sits in the SquareNow workflow. None of these are configurable away — they ship enabled.
Lending service provider transparency
Every borrower-facing screen surfaces the lender of record (not the platform), regulated identifier and grievance contact — both at application and post-disbursement.
Key Fact Statement (KFS)
Standardised KFS auto-generated per loan offer. Includes APR, processing fees, prepayment terms, default rate. Bilingual rendering (English + local language).
Consent capture, granular
Per-data-category, per-purpose, time-stamped, geo-tagged, IP-logged. Withdrawable from the borrower portal at any time with full data-deletion workflow.
Disbursement only to verified accounts
No third-party disbursement. Pre-flight checks against bureau name, PAN-linked account and penny-drop verification. Audit log of every disbursement and the verifications that preceded it.
Cooling-off period
Borrower can return the disbursed amount within the cooling-off window with only proportionate APR cost — wired into the workflow as a non-defaulting return path.
No automatic credit-limit increase
Limit increases require explicit borrower consent. No silent upsell, no auto-enrolment.
Grievance escalation
Three-level grievance routing — partner, lender, RBI Sachet — surfaced on every borrower-facing surface. SLA on first response and resolution.
No deceptive nudges
No dark-pattern UI for product upsell or fee collection. Periodic UI audit attests to this.
Self-regulation,
operationalised.
FACE membership is straightforward; ongoing reporting is where most NBFCs run into operational drag. SquareNow handles the recurring submissions.
Member onboarding pack
KYC of the legal entity, beneficial-ownership disclosure, code-of-conduct attestation. Pre-formatted submission to FACE.
Operational data submission
Monthly operational disclosures on disbursement, repayment, NPA, customer-grievance counts. Generated from production data; reviewer signs off.
Code-of-conduct attestations
Quarterly code-of-conduct, anti-coercive-collection and fair-practice attestations — pre-templated and routed through the right authority on your side.
Complaint resolution metrics
Time-to-first-response, time-to-resolution and complaint-by-product reporting. Outliers surfaced before they cross SRO thresholds.
Reporting calendar
A pre-loaded calendar of every recurring SRO submission. The compliance officer sees what is due next without checking the FACE portal.
How "tamper-evident" is enforced.
Every state change is an event
Application created, document uploaded, KYC passed, underwriting decisioned, disbursement triggered, repayment received, collection action taken — each is an immutable event with actor, timestamp and reasoning.
Hash-chained, tamper-evident
Each event includes a cryptographic hash of the previous event. Any retroactive modification breaks the chain — detectable on the next audit.
Inspection mode for regulators
A read-only inspection role exposes the full event log, document repository and report archive to an external auditor without writing access to operational systems.
Document version history
Borrower documents, signed agreements, KYC artefacts — all versioned. The latest is current; previous versions are retrievable for the retention period.
Retention by document class
Configurable retention per document class — KYC, agreements, statements, communications — aligned with statutory minimums and data-minimisation defaults.
What we can hold ourselves to.
BCP / DR posture — the numbers your auditor and risk team will ask for first.
Email compliance@squarenow.co.in
We reply within one working day. Security pack shared under NDA on request.