
Microfinance & MFI Compliance

by Tahmidur Remura Wahid | Sep 5, 2025

Microfinance & MFI Compliance in Bangladesh — 2025 Guide

By Tahmidur Remura Wahid (TRW) Law Firm — Dhaka • Dubai • London

Bangladesh is one of the world’s most influential laboratories for inclusive finance. Microfinance here is no longer a purely development experiment; it is a licensed, supervised financial activity with an increasingly sophisticated compliance footprint. If you operate (or plan to operate) an MFI in Bangladesh—or if you’re a funder, impact investor, or fintech building rails that touch microcredit—you’ll face a comprehensive rule-set around licensing, governance, pricing, AML/CFT, savings, reporting, client protection, and data. Add cross-border operations with Dubai and London, and your obligations expand to include group-level data governance, marketing/fundraising rules, and financial-crime controls that must dovetail with Bangladeshi requirements.

This guide unpacks the full picture in practical, board-ready language. It assumes you want to be compliant, efficient, and investable.


1) Why this guide matters now

  • Microfinance in Bangladesh is a licensed activity overseen by a dedicated regulator. You cannot legally conduct microcredit without a licence.
  • Rules are no longer “light touch.” Expect enforceable expectations on service-charge methodology and caps, savings restrictions, statutory reserves, loan classification & provisioning, independent audits, digital controls, and consumer-protection standards.
  • AML/CFT expectations have matured quickly: risk-based KYC (including e-KYC/remote onboarding), PEP/sanctions screening, STR governance, training, and record-keeping are standard.
  • Digital is mainstream, but MFIs aren’t banks or MFS providers. You’ll partner with banks/PSPs for wallets, agent banking, and settlement—and align your technology with regulator-grade auditability.
  • If your group also operates from Dubai or London, your data flows, fundraising, and external communications must meet those jurisdictions’ standards while remaining compatible with Bangladesh rules.

2) Regulatory architecture in Bangladesh (plain-English map)

Primary perimeter: A dedicated statute creates the microfinance regulator and defines who may do microcredit and how. Licences, inspections, and sanctions live here.

Subordinate rule-set: Regulations and circulars specify: who can apply, what needs to be in your application, prudential and conduct rules (pricing, savings, reserves), consumer-protection, reporting calendars, auditor qualifications, and enforcement procedure.

Cross-cutting laws you will inevitably touch:

  • Anti-money laundering & counter-terrorist financing: risk-based KYC, e-KYC controls, targeted financial sanctions, STRs, training, record retention.
  • Foreign funds & FX: if you receive foreign donations or borrow offshore, approvals and reporting under the foreign-donations framework and foreign-exchange regime apply (through Authorised Dealer banks).
  • Data & digital: lawful processing, security, retention, and cross-border transfers when group analytics/reporting involve your Dubai or London entities.

Where Bangladesh Bank fits in: Banks/NBFIs answer to Bangladesh Bank; MFIs answer to the microfinance regulator. But interfaces are real: digital collections via bank-led MFS, refinance lines from banks, and all FX transactions flow through banking channels. For an overview of central-bank interfaces, see our explainer on Regulatory (Bangladesh Bank).


3) Who can operate an MFI?

Bangladesh recognizes several legal forms (e.g., society, trust, company limited by guarantee, company limited by shares). Your legal form does not substitute for a microfinance licence. In practice, most licensed MFIs are mission-driven entities with robust governance and a field presence. For-profit structures are not prohibited per se, but the eligibility criteria and the regulator’s supervisory expectations are such that mission, governance quality, and client-protection capacity matter as much as capital.

Typical baseline capabilities at application stage:

  • Proper registration and a fit-and-proper board (independence, relevant skills, integrity, conflict-management).
  • Documented policies across credit, savings, collections, AML/CFT, complaints, data protection, internal audit.
  • A running MIS that can produce regulatory returns: portfolio quality, PAR buckets, provisioning, savings reconciliation, branch performance, and reserve movements.
  • Auditor engagement (independent and acceptable) and a reporting calendar.

4) The licensing pathway (what to prepare, what to expect)

4.1 Pre-requisites—before you file

  • Constitutional documents aligned with microfinance objectives and client-protection commitments.
  • Business plan: target geography, client segments (groups vs individuals; agriculture vs microenterprise), product set, pricing approach (declining-balance), staffing, five-year financial model, and funding mix.
  • Risk & control design: three-lines model, internal audit, compliance monitoring, risk register, whistleblowing, incident reporting, and board committee charters.
  • AML/CFT framework: enterprise-wide ML/TF risk assessment; KYC/e-KYC standard; PEP/sanctions screening; STR workflows; training syllabus; retention.
  • Digital readiness: field apps, device policy, data encryption, access controls, audit logs, and vendor due diligence (especially for any cloud or analytics tooling).

4.2 The application file—core components

  • Entity registration and governance map (org chart, job descriptions, fit-and-proper attestations).
  • Policies and SOPs (credit, savings, collections, AML/CFT, complaints, data, internal audit).
  • MIS architecture summary and sample reports.
  • Auditor letter of engagement; reporting timetable; internal audit plan.
  • Branch/field footprint plan, with basic facility standards.
  • Proof of financial capacity (seed funding, portfolio size/borrower base if already running pilot programs in another form).

4.3 What the regulator will test

  • Pricing method (declining-balance) and that your proposed service-charge sits within the prevailing cap.
  • Savings restrictions adherence (member-only; conditions around term products if permitted).
  • Reserve policy—statutory reserve transfers and triggers.
  • Loan classification & provisioning approach; watch/substandard/doubtful/loss buckets and write-off criteria.
  • Audit & reporting: auditor independence; timely submission capacity.
  • Client-protection: disclosures, loan scripts, soft collections, and grievance handling.

Practical tip: Build a “licence binder” with every policy, form, and evidence excerpt the regulator might ask to see. Keep an electronic mirror of the binder for quick updates.


5) Pricing, savings, reserves, and provisioning (the prudential spine)

5.1 Pricing & service-charge caps

Bangladesh uses service-charge caps for MFIs, applied on a declining-balance basis. Caps move over time via circulars; set your pricing below the live cap and avoid add-ons that function as hidden interest (e.g., compulsory accessories or processing charges that are economically interest). Always publish your effective rates and method (declining balance) at branches and on receipts.

5.2 Savings: permitted, but not public deposit-taking

MFIs can typically mobilize savings from members, subject to licensing conditions. Soliciting deposits from the general public is prohibited. Treat any term deposit offering as tightly restricted unless your licence expressly authorizes it and your treasury controls can manage maturity and liquidity risk.

5.3 Statutory reserve

Bangladesh requires a statutory reserve (a portion of annual surplus) to strengthen your balance sheet. Adopt a board policy that hard-codes the transfer percentage, timing (e.g., post-audit), and usage restrictions. Create a standing agenda item so the board signs off reserve movements every year.

5.4 Loan classification, provisioning, and write-offs

Your credit policy should define days-past-due buckets that drive provisioning (watch → substandard → doubtful → loss) with provisioning percentages up to 100% for the worst bucket. Write-offs must follow policy after full provisioning; keep the write-off committee minutes, recovery attempts log, and borrower dossiers intact for inspection.

5.5 Audit & reporting

Expect annual independent audits and periodic regulatory returns (often quarterly/half-yearly). Your MIS should produce: portfolio quality by product/branch/loan officer, PAR vintage curves, provisioning coverage, branch profitability, savings reconciliation, reserve movements, complaints stats, and staff KPI dashboards.


6) AML/CFT & e-KYC for MFIs

6.1 Risk-based architecture

  • Enterprise-wide ML/TF risk assessment (EWRA): segment clients, products, channels, and geography; score inherent risk; map controls; assess residual risk.
  • KYC/e-KYC: risk-tier customers and use e-KYC where available and proportionate. No “copy-paste onboarding”: every relationship must have a traceable KYC trail and risk rating.
  • Sanctions & PEP screening: at onboarding and periodically (batch screening), including name-matching tolerances and escalation paths.
  • STR/SAR governance: define red flags; who investigates; who approves; when to file; how to maintain confidentiality.
  • Training: induction + annual refreshers; test comprehension; record attendance.
  • Record-keeping: maintain KYC, transaction data, screening logs, STR files for the statutory period.

6.2 Agents, field staff, and vendors

  • Device policy: enrolment of field devices; full-disk encryption; MDM controls; no local storage of PII beyond session; remote wipe.
  • Role-based access: least privilege; maker-checker separation; forced password rotation; MFA for admin roles.
  • Vendor due diligence: information security questionnaires; DPAs; right-to-audit; incident-notification timeframes; data-return/deletion at contract end.

7) Digital operations—what’s allowed and what isn’t

Allowed (with good controls):

  • Loan Origination & Servicing Systems (LOS/LMS); e-receipts; digital collection scheduling; reconciliation engines.
  • Digital disbursement/collection via bank-led mobile financial services or agent banking (through partnerships).
  • e-KYC and remote verification where permitted; audit trails for every field interaction.

Not allowed for MFIs:

  • Acting as your own mobile wallet or operating cross-border payments rails.
  • Holding client funds like a bank; all wallet/agent flows must sit within partner bank/PSP frameworks.

Board-level digital checklist:

  • Data inventory → lawful basis → minimization → retention → deletion.
  • DR/BCP tests twice a year; restore-time evidence; ransomware tabletop.
  • Quarterly user-access recertification and surprise field audits.

For credit operations that overlap with the banking/NBFI perimeter (e.g., refinance, securitization, or blended structures), see our pages on NBFI Licensing & Compliance and Secured Lending & Syndication.


8) Consumer protection & client welfare (what examiners look for)

  • Truthful pricing disclosures in local language; declining-balance method explained with an example.
  • Cooling-off window for certain loan types; no tying or coercive cross-selling.
  • Collections code: dignity in recovery; prohibited practices list; supervisor ride-alongs; discipline logs.
  • Grievance redress: channels (branch book, hotline, WhatsApp/SMS), tracking IDs, SLAs, escalation to head office, quarterly board reporting.
  • Over-indebtedness prevention: credit discipline, checking for multiple borrowings, reasonable debt-to-income, and a rescheduling policy that avoids concealment of risk.
  • Client data privacy: written consent, clear notices, minimal sharing, and secure storage.

9) Product design (and how to keep it compliant)

9.1 Core lending products

  • Group loans with social collateral and centre meetings; declining-balance pricing within the cap.
  • Individual microenterprise loans with cashflow analysis; seasonal tenors for agriculture.
  • Asset-backed micro-leasing (if permitted by your licence) with transparent repossession rules.
  • Emergency loans with fee/interest waivers in disaster zones (document the trigger and board authority).

9.2 Savings (member-only)

  • Voluntary savings with clear withdrawal rules; interest rate disclosures; reconciliation discipline.
  • Term products only where your licence allows; robust asset-liability management.

9.3 Shariah-compliant microfinance

Bangladesh’s client base includes large observant populations. Consider Murābaḥa, Ijarah, or Qard Hasan structures adapted to micro-context—with Shariah-board oversight and product cards in simple Bangla. For structuring options and documentation, see Islamic Finance.


10) Funding your portfolio: domestic and foreign options

10.1 Domestic sources

  • Wholesale lines from banks/NBFIs on commercial terms (covenants, security, portfolio-quality triggers).
  • Apex/wholesale facilities where eligible.
  • Member savings (if permitted) with tight treasury controls; daily reconciliation; board-approved limits.

10.2 Foreign grants and loans (what to plan for)

  • Foreign donations/grants require registration and activity approvals under the voluntary activities regime; your reporting and audit cadence will reflect grant conditions plus local law.
  • Foreign borrowing typically needs central-bank approvals via your AD bank. Build application files with loan purpose, pricing, tenor, FX hedging plan, and security.
  • Covenants & FX: stress-test debt service against devaluation scenarios; match tenors to portfolio cashflows; negotiate cure periods and data-sharing carefully.

Investor-friendliness tip: Create a Funding Compliance Matrix listing every funding source (bank, facility, donor, bondholder), the governing contract, key covenants, reporting deadlines, and responsible owner. Present this quarterly to the board.


11) Working with banks & the “digital microcredit” narrative

There are bank-run, digitally originated micro-loans in Bangladesh financed by refinance windows or banks’ own balance sheets. Those are banking products—not MFI loans—and are supervised under the central bank’s framework. MFIs can partner at the edge (e.g., origination assistance, servicing), but your licence perimeter remains microfinance. Keep the distinction clear in your documentation, pricing, and marketing.


12) Operating from Dhaka, Dubai, and London—what changes?

12.1 Data protection & cross-border transfers

If any Bangladesh client data leaves the country (e.g., to your London analytics team or Dubai HQ marketing system), you’ll need:

  • Data mapping: what fields, why, who receives, where stored, and for how long.
  • Transfer tool: appropriate transfer clauses/addenda, risk assessments, and downstream vendor controls.
  • Minimization: export aggregates or pseudonymized data by default; send PII only when necessary.
  • Incident response: a 24/7 playbook (containment, forensics, regulator/client comms, remediation).

12.2 Fundraising & communications

  • UK: If you solicit donations or “impact notes” from UK audiences, ensure trustee oversight and compliant communications; avoid financial-promotion breaches.
  • UAE: Review consumer-protection and market-conduct standards before any UAE-facing credit messaging.
  • Group policy cascade: Your UK/UAE rules should be written into intercompany agreements and marketing approvals that apply to Dhaka operations.

13) TRW’s MFI Compliance Framework (field-tested)

We implement the following ten-part program for MFI clients. It clears regulatory inspections and investor diligence while remaining lightweight enough for growth.

  1. Governance & Risk Appetite: Board-approved ranges for PAR, liquidity, pricing, funding mix, conduct risk; three-lines model; risk and audit committees with charters.
  2. Policy Suite: Credit, savings, collections, AML/CFT (with e-KYC annex), client protection/GRM, data protection, cybersecurity, internal audit, whistleblowing, business continuity.
  3. Pricing & Fees Controls: Declining-balance engine; cap tracker; branch posters and receipt templates; quarterly testing and spot checks.
  4. Reserves & Provisioning: Provisioning ladder; monthly impairment committee; statutory reserve transfer calendar and board minutes.
  5. Portfolio Quality: DPD buckets, rescheduling rules, top-up limits, vintage curves, branch heatmaps; collection strategy playbooks.
  6. Digital & Data: Role-based access, device controls, encryption, logging, DR/BCP; vendor DPAs; export minimization; incident drills.
  7. AML/CFT Workflows: EWRA; KYC tiers; sanctions screening; STR runbooks; field training; surprise audits.
  8. Client Protection: Loan scripts; cooling-off; collections conduct; GIIN-style indicators; quarterly complaint trend analysis.
  9. Funding & FX: NGO registration where needed; AD-bank workflow for foreign borrowing; hedging policy; covenant tracker with red/amber/green statuses.
  10. Regulatory Reporting & Audit: Calendarized returns; internal audit plan; external audit ToR; management letter remediation tracker.

For adjacent regulatory interfaces (bank funding lines, collateral documentation, or securitisation), see Secured Lending & Syndication and Loan Documentation.


14) 90-Day implementation plan (launch or uplift)

Weeks 1–2: Diagnose & Decide
■ Gap assessment vs. licensing conditions and AML/CFT/consumer-protection standards
■ Board approval of Risk Appetite and Policy Suite outline
■ Identify partner bank/PSP for digital flows

Weeks 3–6: Build & Train
■ Draft/approve policies; configure MIS (pricing guardrails, PAR/provisioning, reserve tracker)
■ Stand up EWRA; sanctions vendor; STR runbook; staff induction + testing
■ Draft client-facing disclosures (branch posters, receipts, privacy notices)
■ Device policy & MDM implementation; DR/BCP table-top test

Weeks 7–9: File & Pilot
■ Compile licence application pack; auditor engagement; reporting calendar
■ Pilot digital collections with partner bank; perform end-to-end reconciliation
■ Finalize funding compliance matrix; prepare FX/foreign-borrowing documentation if relevant

Weeks 10–12: Stabilize & Evidence
■ Internal audit cycle-0; evidence binders (pricing tests, sanctions logs, training records)
■ Board deep-dive on portfolio quality and client protection
■ Remediation of any findings; final readiness review for inspection


15) Investor/Lender due-diligence checklist (use internally before anyone else does)

  • Licence hygiene: Valid licence, scope, branch approvals, any show-cause notices and responses.
  • Pricing & fees: Cap compliance; declining-balance method; fee caps and transparent disclosures.
  • Portfolio quality: PAR30/PAR90, cure ratios, rescheduling rate, top-up dependence, FO dispersion.
  • Collections: Field audit findings; roll-rates; geo heatmaps; incident logs.
  • AML/CFT: Latest EWRA; sanctions hit management; STR statistics; training coverage; independent testing results.
  • Savings: Member-only compliance; reconciliation; liquidity coverage; ALM limits.
  • Audit: External audit opinions; management letter remediation; internal audit sampling.
  • Funding & FX: Approvals in place; covenant status; hedging; maturity profile.
  • Data & cyber: Access review logs; DR tests; incident register; vendor diligence files.
  • Client protection: Complaint volumes & SLA performance; root-cause trends; remedial actions.

16) FAQs (board-friendly)

1) Can a foreign, for-profit entity get a microfinance licence in Bangladesh?
Yes—subject to the same licensing standards. In practice, mission-driven structures (society/trust/guarantee company) dominate the landscape because governance and client-protection expectations are stringent. If you remain purely a wholesale funder to MFIs, you’ll still face FX/AML rules but won’t be an MFI.

2) What rate can we charge?
Use declining-balance service-charge and stay below the live cap. Build an internal early-warning that triggers if any branch deviates due to human error.

3) Can we accept deposits from the general public?
No. Savings, if allowed, are member-only and typically subject to product restrictions. Treat public solicitation as prohibited.

4) Are e-KYC and digital collections acceptable for MFIs?
Yes, within the prescribed framework and through partner banks/PSPs. Keep airtight audit trails.

5) Do we need a statutory reserve?
Yes. Transfer the required portion of annual surplus to a statutory reserve each year and minute the board approval.

6) How do we avoid over-indebtedness risk?
Strong pre-loan screening, centre discipline, cross-checks for multiple borrowing, rescheduling guardrails, and vintage monitoring. Incentivize collectors on quality, not only on volumes.

7) We have offices in Dubai and London—what changes?
Data exports, fundraising communications, and group compliance oversight. Use data minimization, formal data-transfer mechanisms, and marketing approvals that reflect UK/UAE standards.

8) How should we manage foreign borrowing?
Work through AD banks; seek approvals; disclose covenants; plan FX hedging; match cashflows; set internal red lines for leverage and coverage.


17) Common pitfalls (and quick fixes)

  • Cap confusion: Quoting flat rates or adding “fees” that effectively breach the cap → fix with a pricing engine, receipt templates, and branch posters.
  • Deposit drift: Accepting public deposits or term products not covered by the licence → immediately cease, notify the board, and regularize with the regulator.
  • Field-cash leakage: Delayed banking of collections → deploy daily reconciliation, surprise cash counts, and FO route planning.
  • Weak AML: No PEP/sanctions screening or ad-hoc STRs → implement batch screening, red-flag libraries, and approval chains.
  • Data blind spots: Unmapped exports to group systems → run a data inventory, set lawful bases, and implement DPAs + minimization.
  • Paper-only complaints: No analytics → set up a simple ticketing log with SLA clocks and quarterly board dashboards.

18) Snapshot—Board oversight calendar

Quarterly
■ Portfolio quality & provisioning coverage
■ Complaints & collections conduct trends
■ AML dashboard (KYC defects, sanctions hits, STRs)
■ Liquidity & funding (covenants, FX exposure)
■ Digital risk (access reviews, incident log)

Annually
■ Policy suite refresh (credit, AML, data, collections, GRM)
■ Pricing review vs. current cap; branch poster/receipt audit
■ Auditor performance/rotation; training plan approval
■ DR/BCP live test and lessons learned
■ Data-transfer risk assessment (if Dubai/London links exist)


19) Summary table — Microfinance & MFI Compliance (Bangladesh • Dubai • London)

| Topic | Bangladesh (MFI perimeter) | Dubai | London |
| --- | --- | --- | --- |
| Licence | Mandatory microfinance licence; inspections & sanctions apply. | If doing finance activities locally, comply with market-conduct & licensing perimeters. | Charity governance & financial-promotion rules if fundraising/marketing into the UK. |
| Pricing | Declining-balance service-charge; stay under the live cap; disclose clearly. | Consumer-protection and market-conduct oversight for local offerings. | High scrutiny of consumer-finance promotions; clarity and fairness requirements. |
| Savings | Member-only; no public deposit-taking; product restrictions common. | Treat client-funds messaging as regulated; keep PD/marketing compliant. | Fundraising communications must meet charity/trustee standards. |
| AML/CFT | EWRA, e-KYC/KYC, PEP/sanctions screening, STR governance, training. | Federal AML/CFT framework; active supervision. | UK AML and sanctions compliance; governance expectations for trustees. |
| Digital | Partner with banks/PSPs for MFS & agent banking; strict audit trails. | Consumer-protection for digital channels; data security expectations. | UK data-transfer obligations; TRA and contractual safeguards. |
| Foreign funds | Approvals/reporting for donations and foreign borrowing via AD banks. | Data-transfer and consumer-protection compliance if engaging UAE audiences. | Data-export controls; financial-promotion rules for UK audiences. |

20) Where TRW fits in (Dhaka • Dubai • London)

  • Licensing & Setup (Bangladesh): licence dossier, policy suite, board charters, pricing engine design, client protection & GRM, AML/e-KYC, audit & reporting packs.
  • Digital & Data: vendor DD, DPAs, encryption/logging, DR/BCP, data-transfer tooling for Dubai/London.
  • Funding & FX: NGO registration (where applicable), AD-bank workflows, foreign borrowing approvals, hedging & covenant management.
  • Investigations & Remediation: pricing or deposit non-compliance clean-ups, AML special audits, and collections-conduct remediation plans.
  • Training: induction and annual refreshers for field teams, compliance, and the board.

If your microfinance operation also interfaces with banking or capital-markets transactions, explore our in-depth practice pages on Regulatory (Bangladesh Bank), NBFI Licensing & Compliance, Secured Lending & Syndication, and Loan Documentation for adjacent compliance scaffolding.


21) TRW Law Firm — Contact

Tahmidur Remura Wahid (TRW) Law Firm
Dhaka: House 410, Road 29, Mohakhali DOHS
Dubai: Rolex Building, L-12, Sheikh Zayed Road
Phones: +8801708000660, +8801847220062, +8801708080817


Final word

Microfinance in Bangladesh thrives when mission, math, and compliance reinforce one another. The fastest-growing operators we advise aren’t the ones with the largest field force—they’re the ones with clean controls, transparent pricing, disciplined savings practices, and data-mature digital operations that travel well across Dhaka, Dubai, and London. If you want a licence-ready, investor-friendly compliance pack—or a rapid uplift of your existing controls—TRW’s cross-border team can build it with you, end-to-end.
