FEMA Compliance Audit India: Process, Checklist & Penalties

FEMA Compliance Audit India: What Foreign Companies Must Know 

Most foreign-owned Indian subsidiaries discover their FEMA violations during due diligence. Not during a routine internal review. Not after a proactive compliance check. During due diligence, when a new investor’s legal team is going through the company’s regulatory history and the timeline pressure of a closing deal is already in play. At that point, compounding a violation that should have been addressed two years earlier becomes an urgent, expensive problem on a transaction timeline. A FEMA compliance audit India conducted regularly prevents exactly that situation. FEMA compliance is not a one-time exercise that ends after FC-GPR is filed. Every foreign investment received, every share transfer involving a non-resident, every outbound investment made, and every year the investment remains outstanding creates ongoing obligations. A FEMA compliance audit India maps all of those obligations against what was actually done and identifies the gaps before they surface in the worst possible context.

What Is a FEMA Compliance Audit in India?

A FEMA compliance audit India is a structured review of a company’s foreign exchange transactions, reporting obligations, and regulatory filings under the Foreign Exchange Management Act 1999 and the rules, regulations, and master directions issued by RBI. It identifies missed filings, incorrect classifications, valuation non-compliance, and documentation gaps that constitute compoundable contraventions. The audit examines two directions of capital flow. Inbound: This includes FDI received by the Indian company, shares allotted to foreign investors, share transfers involving non-residents, and the reporting obligations attached to each. Outbound: ODI made by the Indian company in overseas subsidiaries or joint ventures, loans extended abroad, guarantees issued, and the annual reporting obligations those investments carry. For foreign-owned Indian subsidiaries, the inbound side is almost always more extensive. But companies that have also made investments abroad, extended intercompany loans to overseas group entities, or issued guarantees to foreign lenders have outbound obligations that are just as frequently missed. A FEMA compliance audit India is not the same as a statutory audit. A statutory auditor reviews financial statements. A FEMA audit reviews regulatory filings, remittance documentation, KYC compliance, valuation certificates, and RBI correspondence against the actual transactions on the books. The two exercises serve entirely different purposes.

Why Do Foreign Companies Need a FEMA Compliance Audit India?

Foreign companies need a FEMA compliance audit India because FEMA obligations are transaction-triggered and continuous, not annual events. Every investment round, every secondary share sale, every intercompany payment, and every overseas investment creates a new filing obligation with a specific deadline. Without a structured audit, gaps accumulate silently and surface as compoundable contraventions during fundraising, M&A, or IPO processes. Three situations make a FEMA compliance audit India urgent rather than routine.

1. The first is an upcoming transaction. A new equity investor, a strategic acquisition, a secondary sale by an existing foreign shareholder, or an IPO all involve legal due diligence. The incoming party’s counsel will review every FEMA filing for every foreign investment transaction in the company’s history. Missing FC-GPR filings, FC-TRS filings not made within 60 days, FLA returns not filed for two years, valuation certificates obtained after allotment rather than before — all of these are found, all of them must be addressed, and none of them can be resolved quickly when a transaction is about to close.
2. The second is a change in shareholding. When a foreign investor partially exits, a founder sells secondary shares to a foreign fund, or the foreign parent increases its stake, FC-TRS filings must be made within 60 days. These are missed more often than any other FEMA obligation because the attention in a secondary transaction goes to negotiating the price, not to compliance timelines.
3. The third is simply time. A company that has been operating for three years with annual FDI rounds, intercompany transactions, and outbound investments has accumulated three years of potential compliance gaps. A FEMA audit for foreign companies India conducted at this stage, before any transaction, gives the company time to compound what needs to be compounded and document what needs to be documented in an orderly way.

What Does a FEMA Compliance Audit India Cover?

A FEMA compliance audit India covers every category of foreign exchange transaction the company has conducted: FDI received and reported, share transfers involving non-residents, outbound investments and their annual reporting, ECBs if any, and the documentation supporting each transaction including valuation certificates, FIRCs, and KYC of foreign counterparties.

• Inbound FDI Audit

The inbound FDI review covers:

• FC-GPR filings: Every allotment of shares to a foreign investor must be reported in Form FC-GPR on RBI’s FIRMS portal within 30 days of allotment. The audit checks whether every allotment was reported, whether it was reported within the deadline, and whether the required attachments including valuation certificate, FIRC, investor KYC, and Board Resolution were complete and correctly submitted.
• Valuation compliance: Shares cannot be issued to a foreign investor below fair value as determined by a SEBI-registered Merchant Banker or CA using an internationally accepted methodology. The audit checks whether valuation certificates were obtained before or after allotment and whether the methodology used is acceptable under FEMA pricing norms. Certificates obtained after allotment to retroactively justify a price already fixed are a compliance weakness.
• FDI route compliance: The audit confirms that the FDI was received under the correct route for the sector. Certain sectors require Government Route approval and investing under the Automatic Route in those sectors is itself a violation.
• Instrument classification: Not all instruments qualify as FDI under the NDI Rules 2019. Optionally convertible notes, redeemable preference shares, and non-convertible debentures are debt instruments, not FDI. Companies that reported debt instruments as FDI in FC-GPR have a misclassification that needs correction.

• Share Transfer Audit (FC-TRS)

Every transfer of shares between a resident and a non-resident requires Form FC-TRS within 60 days of transfer or receipt of funds, whichever is earlier. The audit checks:

• Whether FC-TRS was filed for every transfer in the company’s history
• Whether the 60-day deadline was met
• Whether the share transfer agreement, valuation certificate, FIRC or remittance proof, and consent letters were correctly attached

• FLA Return Audit

The FLA return must be filed by July 15 every year for any company with outstanding foreign investment on its balance sheet as of March 31. The audit checks:

• Whether FLA returns have been filed for every year since the first FDI was received
• Whether the data in the FLA return is consistent with the data in FC-GPR and the balance sheet

Discrepancies between FLA data and FC-GPR data attract scrutiny from RBI’s Department of Statistics and Information Management, which cross-references the two datasets.

• ODI and Outbound Investment Audit

For companies that have made overseas investments, the audit covers:

• Form ODI filings before each remittance
• Annual Performance Reports (APR) filed by December 31 each year
• Guarantee reporting for corporate guarantees issued to foreign lenders on behalf of overseas subsidiaries
• Whether the financial commitment cap (400% of net worth) has been monitored and not exceeded

• ECB Audit

For companies with External Commercial Borrowings, the audit covers:

• Whether the LRN was obtained before the first drawdown
• Whether monthly ECB-2 returns were filed by the 7th of every month
• Whether any ECB proceeds were used for negative end-uses
• Whether loan term changes were reported through a revised Form ECB

What Are the Most Common FEMA Violations Found in a Compliance Audit?

The most common violations found in a FEMA compliance audit India are missed FC-GPR filings or filings made after the 30-day deadline, FC-TRS not filed for secondary share transfers, FLA returns not filed for dormant-year periods, valuation certificates obtained after allotment rather than before, and ODI Annual Performance Reports not filed because the overseas entity was inactive. A summary of the most frequently found violations:

Violation	Regulatory Basis	Typical Penalty Mechanism
FC-GPR not filed within 30 days	NDI Rules 2019, FEMA 1999	Late Submission Fee, then compounding
FC-TRS not filed within 60 days	NDI Rules 2019, FEMA 1999	Late Submission Fee, then compounding
FLA return not filed	FEMA 1999, RBI Master Directions	Compounding under Section 13
Valuation certificate obtained post-allotment	NDI Rules 2019 pricing norms	Compounding
FDI received in prohibited sector	FDI Policy, NDI Rules 2019	Compounding, possible transaction reversal
APR not filed for ODI	OI Rules 2022	AD bank blocks further outward remittances
ECB-2 return not filed monthly	RBI ECB Master Direction	Compounding
Instrument misclassified as FDI	NDI Rules 2019	Reclassification and compounding
Round-tripping structure	FEMA 1999	Compounding, possible enforcement action

The APR non-filing deserves specific attention. Indian companies with overseas subsidiaries that were dormant or loss-making frequently stop filing APRs on the assumption that there is nothing to report. The obligation does not lapse because the overseas entity had no activity. When the APR backlog is eventually discovered, the AD bank is required to block further outward remittances from the Indian entity until all outstanding APRs are filed. This blocks capital deployment at the worst possible time.

What Is the FEMA Compounding Process for Violations Found During an Audit?

FEMA violations that cannot be regularised through Late Submission Fee payment must be compounded through RBI. Compounding requires a formal application to RBI, disclosure of the violation, and payment of a compounding amount determined by RBI based on the nature, gravity, and duration of the contravention. The revised Master Directions on Compounding effective April 22, 2025 cap certain non-reporting contraventions at ₹ 2,00,000 per violation. The compounding process:

1. Identify the specific provision of FEMA or the rules under which the contravention occurred
2. Prepare a compounding application with full details of the transaction, the violation, and the period of default
3. File the application with RBI’s Foreign Exchange Department
4. RBI reviews the application, may seek additional information, and schedules a hearing
5. A compounding order is issued specifying the amount to be paid
6. Payment is made and the compounding order is received

The amount is calculated based on the amount involved in the contravention and the period for which it continued. For non-reporting contraventions, the April 2025 revision introduced a cap of ₹ 2,00,000 per violation for miscellaneous categories. For more significant contraventions involving incorrect instrument classification or FDI in prohibited sectors, the penalty can go up to three times the amount involved. Compounding clears the violation from the company’s record. Without a compounding order, the contravention remains live and blocks regulated transactions.

How Should a FEMA Compliance Audit India Be Structured?

A FEMA compliance audit India should be structured in three phases: document collection and transaction mapping, gap analysis against regulatory requirements, and remediation planning covering which violations can be regularised through LSF payment and which require compounding. The audit output should be a prioritised action list with timelines, not just a list of violations. The practical structure: Phase 1: Transaction Mapping Compile every foreign exchange transaction from the company’s incorporation to the present. This includes every FDI round, every secondary share transaction involving a non-resident, every intercompany payment above ₹ 1 crore, every outbound investment, and every ECB. For older companies, this often requires reconstructing records from bank statements, board resolutions, and share certificates. Phase 2: Gap Analysis Map each transaction against the applicable FEMA obligation and check:

• Was the correct form filed?
• Was it filed within the prescribed timeline?
• Were the required attachments complete and correct?
• Was the pricing compliant with FEMA norms?

Phase 3: Remediation Categorise violations by severity and remediation path:

• Violations within the LSF window: file late with applicable fee
• Violations requiring compounding: prepare compounding applications in order of priority
• Structural issues (instrument misclassification, wrong FDI route): assess correction mechanism

Conclusion

A FEMA compliance audit India is most valuable when it is done proactively, not reactively. The violations that create the most damage are not discovered during the audit itself. They are discovered during due diligence, when the company has no control over the timeline, the counterparty’s legal team is asking questions, and the compounding process must run in parallel with a transaction closing. Companies that conduct a FEMA audit for foreign companies India annually, or at minimum before any significant transaction, convert a potential deal-breaker into a managed compliance exercise. The audit itself is not the expense. The unmanaged violation discovered at closing is. CorporateLegit conducts FEMA compliance audits India for foreign-owned subsidiaries and Indian companies with outbound investments, covering the full transaction history, gap analysis, LSF filing, compounding applications, and ongoing FEMA compliance management. If your company has not had a FEMA compliance review, reach out to CorporateLegit before your next transaction is initiated.