NPS rule change explained:
What new PFRDA audit rules mean for your savings

New Delhi, Jun 19, 2026

PFRDA has revised audit norms for NPS Points of Presence, bringing stricter checks on subscriber handling, fund processing, KYC and compliance.

The pension regulator has tightened oversight of entities that help citizens open and manage National Pension System (NPS) accounts, making regular audits mandatory for many Points of Presence (PoPs) handling NPS operations. The move is aimed at improving operational controls, protecting subscriber interest and ensuring that contributions, withdrawals and service requests are processed within prescribed timelines.

The Pension Fund Regulatory and Development Authority (PFRDA) has issued a circular requiring registered PoPs, including those handling NPS Vatsalya accounts, to get their NPS-related accounts and processes audited by an independent external chartered accountant or audit firm. The requirement will apply under the revised framework from April 1, 2026 to March 31, 2027.

PoPs are the first point of contact for many NPS subscribers. They handle account opening, contribution processing, service requests, withdrawals and other administrative activities. Any weakness in these processes can directly impact the subscriber’s retirement savings journey.

Who will need an audit and how often?

PFRDA has classified PoPs based on their subscriber base as on the last day of the financial year. The frequency of audit will depend on the number of NPS subscribers handled by the PoP.

PoPs with fewer than 10,000 subscribers will need an audit once in three financial years.

PoPs with 10,000 or more subscribers will need an audit every financial year.

PoPs having fewer than 100 NPS accounts are exempt from submitting audit reports. However, once they cross 100 subscribers, they will have to submit audit reports for earlier financial years as applicable.

For larger PoPs, the first audit report under the revised framework will be due by June 30, 2027. For smaller eligible PoPs, the due date will depend on whether the audit report for FY26 has already been submitted.

What will auditors check?

The audit will not be limited to financial records. It will examine whether PoPs have proper systems and controls in place for handling subscriber-related activities.

The scope includes:

•     NPS account opening and subscriber onboarding processes
•     Compliance with KYC, anti-money laundering and counter-terror financing requirements
•     Collection and transfer of subscriber contributions
•     Uploading contribution details into the Central Recordkeeping Agency (CRA) system
•     Maintenance of collection accounts and reconciliation of subscriber funds
•     Handling of subscriber complaints
•     Processing of withdrawals, exits and service requests
•     Data security and cyber security practices

Auditors will also examine whether PoPs have maintained proper books of accounts, electronic records and documents as required under PFRDA regulations and guidelines.

Focus on subscriber money and delays

A major part of the audit framework focuses on how subscriber money is handled. Auditors will check whether contributions received from subscribers are deposited and processed within the required timelines. They will also examine whether there are any unreconciled amounts lying in collection accounts.

The audit will also verify whether PoPs compensate subscribers in cases where delays occur in activities such as account registration, service requests, contribution processing or withdrawal processing, as prescribed under operational guidelines.
For subscribers, this means stronger monitoring around issues such as delayed fund transfers, incorrect processing of requests or unresolved complaints.

Independent auditors and conflict checks

PFRDA has also prescribed eligibility conditions for auditors. PoPs must appoint auditors from the list of firms empanelled by financial sector regulators, including PFRDA. The appointment must be approved by the Audit Committee or the Board, wherever applicable.

Auditors will generally be appointed for a three-year tenure. After completing a three-year assignment, the same audit entity will face a two-year cooling-off period before accepting another audit assignment from the same PoP.

The audit report will also require confirmation that the auditor has no direct or indirect interest or conflict of interest with the PoP being audited.

What happens if PoPs fail to comply?

PFRDA has said that audit reports will be reviewed by the regulator. If reports are incomplete or do not meet the required standards, appropriate action may follow.

The regulator may also arrange an audit of PoPs that fail to submit reports within the prescribed timelines.

For NPS subscribers, the new framework is expected to bring greater accountability among intermediaries handling retirement savings. While the investment performance of NPS depends on market-linked returns and fund management, smoother operations, timely processing and stronger compliance systems play an important role in protecting the subscriber experience.

[The Business Standard]