| The case | Infrastructure Leasing & Financial Services (IL&FS) — the 2018 collapse that opened India's modern audit-accountability era |
| The lender | IL&FS Financial Services (IFIN), the group's non-banking finance arm |
| The auditors | Deloitte Haskins & Sells LLP and BSR & Associates LLP (a KPMG network firm); SRBC & Co LLP (an EY network firm) named at group level |
| The mechanism | Evergreening — fresh loans routed back through third parties to clear old ones, so bad debt never surfaced as an NPA |
| The India hook | The first real test of Section 140(5) of the Companies Act — and of the NFRA, the regulator created the same year IL&FS fell |
| Scope | Commentary on matters in the public domain — regulator findings and court records, not the author's assertions. The firms deny wrongdoing; key matters remain under adjudication. |
The fortnight that broke a ₹91,000 crore group
In September 2018, a group most retail investors had never heard of started missing payments, and the Indian money markets noticed within days. IL&FS was a sprawling infrastructure financier — by the time the new board finished counting, a web of close to 348 entities — sitting on an aggregate debt burden of more than ₹91,000 crore. When IFIN, its finance arm, defaulted on short-term obligations, debt mutual funds that held its paper had to mark it down, and the contagion fear was immediate enough that the government stepped in, superseded the board, and installed its own (chaired by Uday Kotak) to stop the unwind.
Here is the part that matters for this newsletter. Until weeks before the defaults, much of the group's debt carried the top AAA rating from credit-rating agencies — the agencies were later penalised separately — and the statutory audit opinions on IFIN had been unqualified. The safest-looking credit on the shelf stopped paying almost overnight. That gap, between what the paper said and what the position was, is the file we are opening.
What "evergreening" actually means
Strip away the jargon and it is simple. For a lender, a loan going bad is not just a loss of money — it is a hit you are forced to take on paper. Under the RBI's rules for a non-banking finance company, a performing loan needs only a token provision; once a loan turns sub-standard, doubtful, or loss-making, the provision climbs steeply, reaching the full value of the exposure when there is no security behind it. A bad loan recognised is profit destroyed, and enough of them is a capital problem.
Evergreening is the move that avoids the recognition. Instead of admitting the borrower cannot repay, the lender advances fresh money — directly, or more usefully through a third party — and that money comes back to clear the original loan. On the books, the old loan is "repaid." It never becomes an NPA. No provision is taken. Profit is undisturbed. The forensic special audit Grant Thornton conducted for the new board — the IFIN report later reported as "Project Icarus" — traced exactly this pattern through the loan ledger.
The numbers the forensic audit put on it
The special audit did not deal in abstractions; it counted. As reported from the forensic findings, it flagged scores of evergreening instances at IFIN — one widely cited figure is 107 — alongside short-term borrowings deployed for long-term lending, and funds advanced to outside parties that were then channelled into IL&FS group companies. The IFIN report is reported to have flagged roughly ₹13,299 crore across about ten categories of suspected irregularity.
One thread is worth pulling out, because it is pure audit territory. An NBFC's net owned funds — the capital floor the RBI watches — must be computed after stripping out exposure to group companies. The forensic auditor found IFIN deducting only its direct-subsidiary exposure rather than the wider group, which overstated the cushion and obscured how close the company was running to its regulatory floor. That is not a hidden offshore account. It is a definition, applied in the wrong direction, in plain sight on the balance sheet.
Where the signature comes in
Edition 05 stated the auditor's real defence plainly: an audit verifies what management represents, it is not a forensic fraud hunt, and a determined conspiracy can defeat competent procedures. That holds. But the items above are not exotic forensics. Tracing the use of loan proceeds, classifying an asset as standard or non-performing, and computing net owned funds against a regulatory definition are core audit-judgment areas — the ordinary furniture of an NBFC engagement.
That is why the regulator's finding lands where it does. The NFRA's Audit Quality Review of the FY2017-18 IFIN statutory audit concluded that the departures from the Standards on Auditing were significant enough that the firm lacked adequate justification for issuing its opinion, and described the firm's quality-control processes as severely inadequate. In 2020 the NFRA penalised the engagement partner and barred him for seven years. The government's case alleged twenty-two audit violations; the SFIO's chargesheet, naming around thirty parties across FY14 to FY18, alleged the auditors colluded to conceal and to falsify.
The firms reject that reading. Both Deloitte and BSR have maintained their audits were performed in line with the applicable professional standards, and the firm-level findings remain contested and, in part, before the courts. None of what follows assumes guilt the courts have not finally found — but the regulator's words about the opinion are themselves part of the public record.
| Statutory auditor | Deloitte Haskins & Sells LLP (FY16–FY18); BSR & Associates LLP, a KPMG network firm (FY18 joint, FY19) |
| How it ended | Deloitte rotated out in 2017–18; BSR resigned in June 2019, after the removal notice |
| Regulator finding | NFRA: departures from auditing standards significant enough that the opinion lacked adequate justification; engagement partner barred seven years (2020) |
| Firms' position | Maintain the audits met applicable professional standards; firm-level matters remain under adjudication |
| Status (mid-2026) | Section 140(5) ban proceedings and the SFIO criminal case continue; no final firm-level order |
The part that should feel familiar — who is allowed to punish the auditor?
If you read Edition 05, the next stretch will give you a strange sense of repetition. Satyam, you may recall, spent years not on the fraud but on the question of who was even allowed to discipline the auditor. IL&FS ran the same loop, with a different section number.
The government moved against Deloitte and BSR under Section 140(5) of the Companies Act, the provision that lets a tribunal remove an auditor found to have acted fraudulently and bar the firm for five years. The firms argued they had already left — rotated out, or resigned — so the section could not reach them, and challenged its constitutional validity for good measure. The litigation that followed is the actual story of the last seven years.
The group collapsed in a fortnight. Seven years on, whether — and how — to punish the auditor is still being argued.
The loop closes — sort of
Edition 05 ended on the creation of the NFRA in 2018, "roughly a decade after Satyam," and called the gap between naming a problem and building the machinery to act on it one of the quieter red flags in the whole story. IL&FS is the case that machinery was first turned on. The individual partner has been sanctioned. The firms have not — and may yet prevail. The five-year bar that Section 140(5) was written to be is, in 2026, still a question mark, for the oldest reason in this series: the argument over reach has outlived the fraud it was meant to answer.
An audit opinion is a useful signal, not a guarantee — and a top rating on a lender that defaults next month is the gap, not the comfort.
What to Watch For
- A borrower whose fresh loan lands just as an old loan to a related party clears — in the same window. Trace the use of proceeds, not only the repayment. Round-tripping leaves a timing signature.
- Net owned funds or capital adequacy that depends on which exposures you strip out. The definition is where the cushion gets manufactured; group-versus-subsidiary is the tell.
- A loan book heavy with group and related-party names. Concentration in entities the lender effectively controls is where evergreening lives.
- "Standard" assets that never migrate to NPA despite visible stress at the borrower. A classification that refuses to move is itself the flag.
- An auditor who resigns just as the questions arrive, or rotates out without a clean handover. As Edition 05 put it, the exit can be the disclosure.
- Going-concern silence. When a lender this leveraged carries an unqualified opinion and a top rating into the month it defaults, the distance between the paper and the position is the whole story.
Next: Edition 07 returns to the same shelf — another lender, another set of related-party names, and a forensic audit whose job was to count the shells. Same series. Same question. How did nobody see it?
Supreme Court of India, Union of India v. Deloitte Haskins and Sells LLP & Anr (3 May 2023) on Section 140(5) of the Companies Act, 2013 · High Court of Bombay, writ petitions on Section 140(5) (21 Apr 2020) · National Company Law Tribunal orders, including the 2026 ruling permitting proceedings against the audit firms to continue · National Financial Reporting Authority (NFRA) — Audit Quality Review of the IFIN statutory audit and the 2020 order against the engagement partner · Serious Fraud Investigation Office (SFIO) chargesheet in the IL&FS / IFIN matter · Grant Thornton special / forensic audit of IL&FS group companies (the IFIN report reported as "Project Icarus"), as reported in the press · Reserve Bank of India Master Directions on NBFC asset classification, provisioning and net owned funds · Institute of Chartered Accountants of India (ICAI) disciplinary proceedings; Ministry of Corporate Affairs filings · Contemporaneous reporting (Business Standard, Business Today, Mint, Moneylife).