Annual compliance checklist for GCCs in India
Annual compliance checklist for GCCs in India

Global Capability Center (“GCC”) is an entity which has been established in India which performs business operations for its foreign entity. In India, GCCs are required to comply with multi-sectoral regulatory compliances which are derived not only from general obligations for the companies under the company law, tax, employment laws, and data protection but also the extra-territorial compliances derived from the foreign exchange regulation under FEMA and RBI regulations. A well-documented and strategised  Annual compliance checklist for the GCC in India ensures that the GCC is not only compliant with all regulatory filings and disclosures but also ensure that the internal governance framework is adhering to the prescribed timelines and internal record requirements.

GCCs must ensure that it remains compliant with the regulatory obligations not only at the time of incorporation but also during its operational phase. Any violation of the statutory regulations arising from the failure to comply with these obligations may result in penalties, regulatory investigations, and operational disruptions, and these are likely to create legal, financial and operational risk on the GCCs. For GCCs, the compliance is not limited to regulatory disclosures but also extends to internal governance, documentation, and internal processes as such entities due to the extra-territorial operation such entities are likely to face higher degree of scrutiny.

What are the mandatory annual compliance requirements for GCCs in India?

GCCs are treated as an Indian entity with respect to any operations which are being performed within the territory of India. Thus, the GCCs are mandatorily required to on an as applicable basis comply with not only the central laws but also the state regulations wherein such GCC is established. These dual statutory obligations are the ground for compliance requirements for the GCC in India and as such every entity must carefully navigate the regulatory regime to ensure it stays compliant under the law.

In practice, compliance is not derived from a single piece of legislation but is fragmented based on a sector and regulatory authority and as such GCCs must carefully review its internal processes to determine the compliance requirements applicable to it.

Key compliance buckets applicable to GCCs

  • Every company which is incorporated under the Companies Act, 2013 must ensure that it is compliant with the relevant obligations  under the Companies Act, 2013;
  • Due to the GCCs primary function relies on assisting the foreign entity, it must ensure that any foreign exchange transactions are in accordance with the FEMA and RBI regulations;
  • Tax compliance under the Income Tax Act, 1961 and GST laws
  • GCCs must ensure that its compliant with the state and central regulations governing the employees and labour which includes but is not limited to EPF, ESI, and Shops and Establishments; nd GCCs must ensure that it has mechanism implemented for data protection and IT compliance which are compliant with the Indian regulations such as the IT Act, DPDP Act and other regulations.

Applicability based on entity structure

  • Companies: These entities operate at the same degree as Indian entities and have the highest compliance requirement under the law.
  • LLPs: These have same benefits to that of a company but has reduced corporate compliance.
  • Branch/liaison offices: While this structure enjoys lesser compliance with only reporting requirements to the RBI, their scope of work is also limited.

Annual compliance checklist GCC India: Key corporate law filings under the Companies Act, 2013

The GCCs operating in India must ensure that it makes the timely filing of the Companies Act, 2013 disclosure to avoid financial and legal risk. Such filings require careful planning and board approval prior to such filing.

The Annual filings under the Companies Act 2013 India ensure transparency in governance, financial reporting, and ownership and ensures legal defence in regulatory investigations.

Core annual corporate compliances

  • Conducting of the board meetings and maintaining minutes of meeting;
  • Conducting Annual General Meeting in accordance with the statutory procedure and timelines;
  • Filing financial statements and annual returns within the prescribed period; and
  • Ensuring that the director KYC and other disclosures are updated.

Key statutory filings

  • Form AOC-4: Financial statements;Form MGT-7 / MGT-7A: Annual return; and
  • DIR-3 KYC: Director identification compliance.

Practical considerations

  • The non-compliance may lead to penalties prescribed under the law with any further delays leading to imposition of an additional fees on a per-day basis;
  • Inaccurate or incomplete disclosures may result in regulatory investigation and adjudicatory proceedings; and
  • Secretarial oversight by practicing Company Secretary is critical for maintaining  statutory registers.

What RBI and FEMA compliances apply to GCCs with foreign ownership?

Due to the nature of the operation of GCCs, they are bound to fall under the scope of foreign investment disclosure requirements provided under the FEMA rules and regulations wherein the reporting obligations operate independently of company law filings. These compliances are required to be made to the RBI and are closely monitored by the Reserve Bank of India.

Non-compliance may not only lead to penalties but also impact capital flows and downstream investments.

Key FEMA and RBI filings

  • Annual FLA return must be filed on July 15 of every year indicating the assists and liabilities of the  GCCs;
  • Form FC-GPR is filed to report the issue of capital instruments within 30 days from allotment; and
  • Form FC-TRS is filed to report the transfer of capital instruments within 60 days from transfer.

Cross-border compliance considerations

  • Transfer pricing alignment with intercompany arrangements;
  • Compliance with External Commercial Borrowing regulations published by RBI; and
  • Documentation of pricing policies and services.

Enforcement trends and risks

  • There has been seen a rise in RBI scrutiny on delayed filings or non filing
  • Compounding proceedings are preferred medium for resolution of  non-compliance to prevent further risk; and
  • Inconsistencies between tax and FEMA disclosures often led to regulatory review.

GCC compliance requirements India: What labour and employment laws must be complied with annually?

Labour compliance is crucial regulation which remains as high-risk area to GCC due to its state-wise implementation and difference in regulatory requirement based on location. The labour law requires greater attention for compliance due several compliances being a continuous compliance rather than annual filings alone.

Labour law compliance for GCCs India includes wages, social welfare, contributions, industrial relations, and other obligations.

Core labour law obligations

  • EPFO and ESIC contributions;
  • Payment of gratuity, bonus, and other statutory benefits;
  • Maintenance of employee registers and wage records.

POSH and workplace compliance

  • Constitution of Internal Committee whenever applicable;
  • Grievance redressal mechanism;
  • Filing of annual POSH report before the competent authority; and
  • Training and awareness activities.

State-specific requirements

  • Shops and Establishments registrations and compliances;
  • Professional tax compliance; and
  • Labour welfare fund contributions.

What data protection and IT compliance obligations apply to GCCs in India?

GCCs process significant volumes of employee and operational data which in certain cases constitutes personal data. Thereby, mandating that such GCCs comply with the data protection laws in India. The framework is evolving with the Digital Personal Data Protection Act, 2023 governing the processing of personal data in India.

Compliance extends beyond policy and documentation as the rights and obligations prescribed under the law must be incorporated into the operations of the GCC.

Key data protection obligations

  • Consent of the data principle;
  • Lawful processing of personal data;
  • Implementation of detailed notice as per the regulatory requirements;
  • Data minimization and purpose limitation.

Cross-border and operational considerations

  • Alignment with global data transfer policies and best practices;
  • Vendor and processor contractual agreements ensuring security safeguards measures; and
  • Incident response and breach reporting mechanism.

Practical compliance issues

  • Processing must only be conducted for the purpose provided in the notice and must not over rely on “legitimate use” as the same may create interpretational risks;
  • Employee data retention policies require alignment with statutory timelines; and
  • Increased regulatory focus on data breaches ensuring compliance with the timeline and methods.

India corporate compliance calendar GCC: What are the key due dates and timelines to track?

A compliance calendar is essential to ensure that the GCC has a comprehensive list of timelines prescribed for regulatory disclosures to ensure there is timely filings across regulators. GCCs typically face overlapping timelines across corporate, tax, and labour laws.

An integrated India corporate compliance calendar GCC reduces the potential risk regulatory risk arising out of delayed disclosures.

Key periodic compliances

  • Monthly: EPF, ESIC, TDS payments;
  • Quarterly: TDS returns, GST filings; and
  • Annual: Financial statements, tax returns, FLA return.

Event-based triggers

  • Changes in directors or shareholding;
  • Alteration of capital structure;
  • Collection of personal data; and
  • Opening or closing of offices.

Implementation approach

  • Centralised comprehensive compliance tracker ensuring all regulatory requirements are captured;
  • Integration with finance, HR, and legal teams into all disclosure timelines and requirements; and
  • Periodic compliance audits.

What tax compliances are mandatory for GCCs in India on an annual basis?

Tax compliance for GCCs involves both direct and indirect tax obligations, with heightened regulatory requirements and scrutiny due to the cross-border transactions.

Transfer pricing remains a key area of focus with respect to taxation for the GCCs.

Core tax compliances

  • Filing of income tax return;
  • Maintenance of transfer pricing documentation; and
  • Filing of Form 3CEB.

Indirect tax obligations

  • GST annual return and reconciliation; and
  • Input tax credit validation.

Withholding tax compliance

  • TDS deductions and quarterly filings; and
  • Reconciliation with financial statements.

Regulatory compliance for captive centres India: Are there industry-specific obligations?

Certain GCCs are subject to additional compliance depending on sector specific regulation arising out of the operational industry wherein the services of the GCC resides.

Furthermore, these This entities must also ensure that while operating in regulated or export-oriented scheme it must comply with the specific requirements therein.

SEZ/STPI compliance

  • Filing of performance reports; and
  • Compliance with export obligations.

Sector-specific obligations

  • Fintech: RBI oversight, IT regulations and licensing;
  • Healthcare: Data and clinical compliance; and
  • IT/ITeS: Export, IT regulations and data security norms.

EHS compliance

  • Workplace safety audits;
  • Compliance with local regulations on facilities.

What are the consequences of non-compliance for GCCs in India?

Non-compliance exposes GCCs to regulatory, financial, and reputational risks. Thus, GCCs must ensure that it has proper documentation to ensure compliance under the law which acts as evidence across all regulators.

Financial and regulatory exposure

  • Penalties under Companies Act, FEMA, employment laws and tax laws;
  • Late fees and interest liabilities.

Governance risks

  • Director disqualification; and
  • Adjudication and prosecution proceedings.

Cross-border implications

  • Impact on operations and funding; and
  • Increased scrutiny from foreign parent entities.

How should GCCs structure an effective internal compliance framework?

A structured compliance framework ensures that the GCC can undertake a proactive approached towards compliance and mitigation of risks. This is essential for scaling operations by a GCC in India.

Core elements of an effective framework

  • Dedicated compliance and legal team; and
  • Clearly defined roles and accountability.

Systems and controls

  • Use of compliance management tools; and
  • Periodic internal and external audits.

Governance and reporting

  • Regular reporting to board and management; and
  • Documentation of compliance actions and decisions.

FAQs on Annual Compliance Checklist for GCCs in India

What is a GCC and how is it regulated in India?

A Global Capability Center is an entity which is established by foreign entity in India to perform its business operations to assist the foreign entity. It is regulated based on its operations and the legal structure under company, labour, tax, and FEMA laws.

Do GCCs require separate compliance if they are captive units of foreign companies?

Yes, the Indian GCCs have independent compliance requirements under the Indian laws regardless of foreign ownership.

Are LLP-based GCCs subject to the same annual compliances as companies?

No, LLP is a separate organisational structure than that of Company and faces reduced regulatory requirements. However, LLPs must comply similar with tax and FEMA regulations.

How often should compliance audits be conducted for GCCs?

At least annually, with additional periodic reviews depending on operational complexity.

Can non-compliance impact cross-border operations or funding?

Yes, the non-compliance may lead to financial, legal and operations risk due to regulatory penalties and investigation.

About Us

Corrida Legal is a boutique corporate & employment law firm serving as a strategic partner to businesses by helping them navigate transactions, fundraising-investor readiness, operational contracts, workforce management, data privacy, and disputes. The firm provides specialized and end-to-end corporate & employment law solutions, thereby eliminating the need for multiple law firm engagements. We are actively working on transactional drafting & advisory, operational & employment-related contracts, POSH, HR & data privacy-related compliances and audits, India-entry strategy & incorporation, statutory and labour law-related licenses, and registrations, and we defend our clients before all Indian courts to ensure seamless operations.

We keep our client’s future-ready by ensuring compliance with the upcoming Indian Labour codes on Wages, Industrial Relations, Social Security, Occupational Safety, Health, and Working Conditions – and the Digital Personal Data Protection Act, 2023. With offices across India including GurgaonMumbai and Delhi coupled with global partnerships with international law firms in Dubai, Singapore, the United Kingdom, and the USA, we are the preferred law firm for India entry and international business setups. Reach out to us on LinkedIn or contact us at contact@corridalegal.com/+91-9211410147 in case you require any legal assistance. Visit our publications page for detailed articles on contemporary legal issues and updates.

Legal Consultation

In addition to our core corporate and employment law services, Corrida Legal also offers comprehensive legal consultation to individuals, startups, and established businesses. Our consultations are designed to provide practical, solution-oriented advice on complex legal issues, whether related to contracts, compliance, workforce matters, or disputes.

Through our Legal Consultation Services, clients can book dedicated sessions with our lawyers to address their specific concerns. We provide flexible consultation options, including virtual meetings, to ensure ease of access for businesses across India and abroad. This helps our clients make informed decisions, mitigate risks, and remain compliant with ever-evolving regulatory requirements.

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    To Top