Skip to main content

Fraud Risk Management in Commercial Banks (including RRBs), AIFI, UCBs, StCBs, CCBs and NBFCs (including HFCs)

Reserve Bank of India (RBI) has issued directions on fraud risk management in Commercial Banks [including Regional Rural Banks (RRBs)], All India Financial Institutions (AIFI), Urban Cooperative Banks (UCBs), State Cooperative Banks (StCBs), Central Cooperative Banks (CCBs) and Non-Banking Financial Companies (NBFCs) [including Housing Finance Companies (HFCs)].

What is the purpose of the directions?

The directions are issued with a view to providing a framework to Commercial Banks, AIFI, Cooperative Banks and applicable NBFCs for prevention, early detection and timely reporting of incidents of fraud to Law Enforcement Agencies (LEAs), Reserve Bank of India (RBI), National Bank for Agriculture and Rural Development (NABARD) and National Housing Bank (NHB) and dissemination of information by RBI and matters connected therewith or incidental thereto.

To whom are the directions applicable?

The directions are applicable to –

Banks Cooperative Banks Applicable NBFCs
Commercial Banks (including foreign banks, Local Area Banks, Small Finance Banks, Payments Banks and RRBs)

AIFIs –

– Export-Import Bank of India (Exim Bank)
– NABARD
– National Bank for Financing Infrastructure and Development (NaBFID)
– NHB
– Small Industries Development Bank of India (SIDBI)
UCBs
StCBs
CCBs
 NBFCs (including HFCs) in –
– Upper Layer
– Middle Layer
– Base Layer (with asset size of ₹500 crore and above)

What are the directions on Fraud Risk Management Policy?

  • The Board approved policy on fraud risk management shall incorporate measures for ensuring compliance with principles of natural justice in a time-bound manner which at a minimum shall include –
    • Issuance of a detailed Show Cause Notice (SCN) to the Persons, Entities and its Promoters / Whole-time and Executive Directors against whom allegation of fraud is being examined.
    • A reasonable time of atleast 21 days shall be provided to the Persons / Entities on whom the SCN was served to respond to the said SCN.
    • A reasoned Order shall be served on the Persons / Entities conveying the decision regarding declaration / classification of the account as fraud or otherwise.
  • Fraud Risk Management Policy shall be reviewed by the Board at least once in 3 years, or more frequently.

What are the directions on Special Committee of the Board for Monitoring and Follow-up of cases of Frauds (SCBMF)?

Banks Cooperative Banks Applicable NBFCs
Committee of the Board to be known as ‘Special Committee of the Board for Monitoring and Follow-up of cases of Frauds’ (SCBMF) shall oversee the effectiveness of the fraud risk management.
SCBMF shall be constituted with a minimum of 3 members of the Board, consisting of a whole-time director and a minimum of 2 independent directors / non-executive directors. SCBMF shall be constituted with a minimum of 3 members of the Board, consisting of the Chief Executive Officer and 2 directors. SCBMF shall be constituted with a minimum of 3 members of the Board, consisting of the Chief Executive Officer and 2 Independent Directors.
The Committee shall be headed by one of the independent directors / non-executive directors. The Committee shall be headed by one of the directors. The Committee shall be headed by one of the Independent Directors.

 

 Tier 1 & 2 UCBs and StCBs / CCBs having deposits below ₹1000 crore shall have the option of constituting a Committee of the Executives (CoE) with a minimum of 3 members, at least one of whom shall be the Chief Executive Officer for the purpose of performing the roles and responsibilities of SCBMF. Applicable Middle Layer and Base Layer NBFCs shall have the option of constituting a Committee of the Executives (CoE) with a minimum of 3 members, at least one of whom shall be a Whole-time director or equivalent rank Official for the purpose of performing the roles and responsibilities of SCBMF.
A senior official in the rank of at least a General Manager or equivalent shall be responsible for monitoring and reporting of frauds. A sufficiently senior official shall be responsible for monitoring and reporting of frauds.

What is Red Flagged Account (RFA)?

A Red Flagged Account (RFA) is one where suspicion of fraudulent activity is thrown up by the presence of one or more Early Warning Signals (EWS) indicators, alerting / triggering deeper investigation from potential fraud angle and initiating preventive measures.

What is the framework for early detection of frauds?

Banks Cooperative Banks Applicable NBFCs
Banks shall have a framework for EWS and RFA. Tier 3 & 4 UCBs and StCBs / CCBs having deposits above ₹1000 crore shall have a framework for EWS. NBFCs in the Upper Layer and Middle Layer (NBFCs – UL & ML) shall have a framework for EWS.
Risk Management Committee of the Board (RMCB) shall oversee the effectiveness of the framework for EWS and RFA. Board Level Committee shall oversee the effectiveness of the framework for EWS.
An account meeting the CRILC reporting threshold (i.e. aggregate fund-based and non-fund-based exposure of ₹3 crore and above for reporting RFA / frauds), shall be reported to RBI within 7 days of being red flagged.

 

Central Repository of Information on Large Credits (CRILC) and Central Fraud Registry (CFR) are not applicable to RRBs.

What are the directions on reporting of fraud?

Banks Cooperative Banks Applicable NBFCs
The decision to classify any account, either standard or NPA, as a RFA shall be at the individual bank level and such banks shall report the status of the account on RBI’s CRILC platform immediately (within 7 days from date of classification as RFA).

 
The principles of natural justice shall be strictly adhered to before classifying / declaring an account as fraud.
Once an account has been red-flagged, the entire process of classification of the account as fraud or removal of RFA status shall be completed within 180 days from the date of first reporting of the account as RFA on the CRILC platform. Cases remaining in RFA status beyond 180 days shall be reported to the SCBMF for review with adequate reasoning / justification thereof. Such cases shall also be subject to supervisory review by RBI.

 
In case an account is identified as a fraud, the borrowal accounts of other group companies, in which one or more promoters / whole-time directors are common, shall also be subjected to examination from fraud angle.
In cases where Law Enforcement Agencies (LEAs) have suo moto initiated investigation involving a borrower account, the bank shall immediately red-flag the account and follow the usual process for classification of account as fraud. In cases where Law Enforcement Agencies (LEAs) have suo moto initiated investigation involving a borrower account, Cooperative Banks / applicable NBFCs shall follow the process of classification of account as fraud.
Necessary terms and conditions may be incorporated in agreements with third-party service providers to hold them accountable in situations where wilful negligence / malpractice by them is found to be a causative factor for fraud.
After complying with the principles of natural justice, the details of such third parties or professionals involved in frauds shall be reported to Indian Banks’ Association (IBA). IBA would, in turn, prepare caution lists of such third parties for circulation.

 

What are the directions on staff accountability?

Banks Cooperative Banks Applicable NBFCs
PSBs and AIFIs shall conduct examination of staff accountability as per the guidelines issued by the Central Vigilance Commission (CVC). In terms of CVC Order, PSBs and AIFIs shall also refer all fraud cases of amount involving ₹3 crore and above for examining the role of all levels of officials / whole-time directors (including ex-officials / ex-WTDs) to the Advisory Board for Banking and Financial Frauds (ABBFF) constituted by the CVC.

 

 Government-NBFCs shall conduct examination of staff accountability as per the guidelines issued by the CVC. In terms of CVC Order, applicable NBFCs in the public sector shall also refer all fraud cases of amount involving ₹3 crore and above for examining the role of all levels of officials / whole-time directors (including ex-officials / ex-WTDs) to the ABBFF constituted by the CVC.
In cases involving very senior executives of the bank (MD & CEO / Executive Director / Executives of equivalent rank), the Audit Committee of the Board (ACB) shall initiate examination of their accountability and place it before the Board. However, in case of PSBs and AIFIs, such cases shall also be referred to the ABBFF. In cases involving very senior executives of the Cooperative Banks (MD & CEO / Chief Executive Officer / Executives of equivalent rank), the ACB shall initiate examination of their accountability and place before the Board. In cases involving very senior executives of the applicable NBFCs (MD & CEO / Executive Director / Executives of equivalent rank), the ACB shall initiate examination of their accountability and place it before the Board. However, in case of applicable NBFCs in the public sector, such cases shall also be referred to the ABBFF.

What penal measures shall be taken against persons / entities reported as fraud?

Persons / Entities classified and reported as fraud by Commercial Banks / AIFIs / Cooperative Banks / applicable NBFCs and also Entities and Persons associated with such Entities, shall be debarred from raising of funds and / or seeking additional credit facilities from financial entities regulated by RBI, for 5 years from the date of full repayment of the defrauded amount / settlement amount agreed upon in case of a compromise settlement.

What shall be the treatment of accounts under resolution?

  • In case an entity classified as fraud has subsequently undergone a resolution either under IBC or under the resolution framework of RBI resulting in a change in the management and control of the entity / business enterprise, Commercial Banks / AIFIs / Cooperative Banks / applicable NBFCs shall examine whether the entity shall continue to remain classified as fraud. 
  • This would, however, be without prejudice to the continuance of criminal action against erstwhile promoters / directors / persons who were in charge and responsible for the management of the affairs of the entity / business enterprise.
  • The penal measures shall not be applicable to entities / business enterprises after implementation of the resolution plan under IBC or aforesaid prudential framework.
  • The penal measures shall continue to apply to the erstwhile promoters / directors / persons who were in charge and responsible for the management of the affairs of the entity / business enterprise.

What are the directions on reporting of frauds to LEA?

Banks Cooperative Banks Applicable NBFCs
The incidents of fraud shall be immediately reported to LEAs, subject to applicable laws, as indicated below –
Category of bank Amount involved in the fraud LEA to whom complaint should be lodged
Private Sector / Foreign Banks Below ₹1 crore State / Union Territory (UT) Police
₹1 crore and above In addition to State / UT Police, Serious Fraud Investigation Office (SFIO), Ministry of Corporate Affairs, Government of India
Public Sector Banks / RRBs Below ₹6 crore State / UT Police
₹6 crore and above Central Bureau of Investigation (CBI)

The incidents of fraud shall be immediately reported to appropriate LEAs viz. State Police authorities, etc. subject to applicable laws.

What are the directions on reporting of fraud to RBI?

Banks (except RRBs) UCBs Applicable NBFCs (except HFCs)
Fraud Monitoring Return (FMR) shall be furnished in individual fraud cases, irrespective of the amount involved, immediately within 14 days from the date of classification of an incident / account as fraud.
Incidents of fraud at overseas branches of Indian banks shall also be reported to the concerned overseas LEAs in accordance with the relevant laws / regulations of the host countries.

 

 Incidents of fraud at overseas branches of Indian NBFCs shall also be reported to the concerned overseas LEAs in accordance with the relevant laws / regulations of the host countries.
Banks shall also report frauds perpetrated in their group entities to RBI separately (FMR through email only), if such entities are not regulated / supervised by any financial sector regulatory / supervisory authority. However, in case of overseas banking group entity of Indian banks, the parent bank shall also report incidents of fraud to RBI.

 

 Applicable NBFCs shall also report frauds perpetrated in their group entities to RBI separately (FMR through email only), if such entities are not regulated / supervised by any financial sector regulatory / supervisory authority. However, in case of overseas financial group entity of Indian NBFC, the parent NBFC shall also report incidents of fraud to RBI.
Banks may, under exceptional circumstances, withdraw FMR / remove names of perpetrators from FMR. Such withdrawal / removal shall, however, be made with due justification and with the approval of an official at least in the rank of a whole-time director. UCBs / applicable NBFCs may, under exceptional circumstances, withdraw FMR / remove names of perpetrators from FMR. Such withdrawal / removal shall, however, be made with due justification and with the approval of an official at least in the rank of a director.
Banks are required to report payment system related disputed / suspected or attempted fraudulent transactions to Central Payments Fraud Information Registry (CPFIR), maintained by RBI. However, such transactions, if subsequently concluded as fraud committed on banks, shall invariably be reported through FMR so as to be reflected in CFR.

 
Fraud cases shall be closed using 'Closure Module' where the below stated actions are complete –
  • The fraud cases pending with LEAs / Court are disposed of; and
  • The examination of staff accountability has been completed.
Banks are allowed, for limited statistical / reporting purposes, to close those reported fraud cases involving amount up to ₹1 crore, where examination of staff accountability and disciplinary action, if any, have been taken and –
  • The investigation is going on or charge-sheet has not been filed in the Court by LEA for more than 3 years from the date of registration of First Information Report (FIR); or
  • The charge-sheet is filed by the LEAs in trial court and the trial in the court has not commenced or is pending before the court for more than 3 years from the date of registration of FIR.

 

 NBFCs are allowed, for limited statistical / reporting purposes, to close those reported fraud cases involving amount upto ₹25 lakh, where examination of staff accountability and disciplinary action, if any, has been taken and –
  • The investigation is going on or charge-sheet has not been filed in the Court by LEA for more than 3 years from the date of registration of FIR; or
  • The charge-sheet is filed by the LEAs in trial court and the trial in the court has not commenced or is pending before the court for more than 3 years from the date of registration of FIR.

  • RRBs, StCBs and CCBs shall report incidents of fraud to NABARD in the manner and in Returns / Formats as prescribed by NABARD.
  • HFCs shall report incidents of fraud to NHB in the manner and in Returns / Formats as prescribed by NHB.

What are the directions on reporting cheque related frauds?

  • Reporting of frauds involving forged instruments, including fake / forged instruments sent in clearing in respect of truncated instruments, shall continue to be done by the paying banker and not by the presenting banker. 
  • However, in the case of presentment of an instrument which is genuine but payment has been made to a person who is not the true owner; or where the amount has been credited before realisation and subsequently the instrument is found to be fake / forged and returned by the paying bank, the presenting bank shall file the fraud report with RBI and inform the LEAs.

What are directions on audit and transfer of accounts?

  • The title deeds and other related title documents shall be subject to periodic legal audit and re-verification, till the loan is fully repaid, as below –

Commercial Banks / AIFIs All credit facilities of ₹5 crore and above
Small Finance Banks, Local Area Banks, Regional Rural Banks, Cooperative Banks and applicable NBFCs All credit facilities of ₹1 crore and above
  • Commercial Banks / AIFIs / Cooperative Banks / applicable NBFCs shall complete the investigation from fraud angle before transferring the loan account / credit facility to other lenders / ARCs. In cases where Commercial Banks / AIFIs / Cooperative Banks / applicable NBFCs conclude that a fraud has been perpetrated in the account, they shall report it to RBI / NABARD / NHB before selling the asset / accounts to other lenders / ARCs.

What is the date of occurrence, detection and classification of frauds for filing FMR?

  • The ‘date of occurrence’ is the date when the actual misappropriation of funds has started taking place, or the event occurred, as evidenced / reported in the audit or other findings.
  • The ‘date of detection’ is the actual date when the fraud came to light in the concerned branch / audit / department, and not the date of approval by the competent authority of Commercial Banks / AIFIs / Cooperative Banks / applicable NBFCs.
  • The ‘date of classification’ is the date when due approval from the competent authority has been obtained for such a classification, and the reasoned order is passed.  

What are the directions for reporting cases of Theft, Burglary, Dacoity and Robbery?

  • Commercial Banks / AIFIs / UCBs / applicable NBFCs shall report instances of theft, burglary, dacoity and robbery (including attempted cases) to RBI, immediately (within 7 days from their occurrence).
  • Commercial Banks / AIFIs / UCBs / applicable NBFCs shall also submit a quarterly Return (RBR) on theft, burglary, dacoity and robbery to RBI using online portal within 15 days from the end of the quarter to which it relates.
  • RRBs, StCBs and CCBs shall report cases of theft, burglary, dacoity and robbery to NABARD in the manner and in Returns / Formats as prescribed by NABARD.
  • HFCs shall report cases of theft, burglary, dacoity and robbery to NHB in the manner and in Returns / Formats as prescribed by NHB.


References

Reserve Bank of India. (2024, July 15). 'Master Directions on Fraud Risk Management in Commercial Banks (including Regional Rural Banks) and All India Financial Institutions'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12702&Mode=0

Reserve Bank of India. (2024, July 15). 'Master Directions on Fraud Risk Management in Non-Banking Financial Companies (NBFCs) (including Housing Finance Companies)'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12704&Mode=0

Reserve Bank of India. (2024, July 15). 'Master Directions on Fraud Risk Management in Urban Cooperative Banks (UCBs) / State Cooperative Banks (StCBs) / Central Cooperative Banks (CCBs)'. Retrieved from https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=12703&Mode=0


Follow at - Telegram   Instagram   LinkedIn   X   Facebook

Labels:

Comments

Post a Comment

Popular Posts

Digital Payments – E-mandate Framework 2026

Reserve Bank of India (RBI) has issued e-mandate framework for digital payments. What is an e-mandate?  A mandate is a standard instruction that a customer provides to his / her issuing bank and other institutions allowing them to automatically debit the mentioned amount from his / her bank account. e-mandate is the electronic version of it. To whom shall the framework be applicable? The framework shall be applicable to Payment System Providers and Payment System Participants. To which transactions shall the framework be applicable? The framework shall be applicable to processing of recurring transactions, domestic or cross-border, using cards / Prepaid Payment Instrument (PPI) / Unified Payments Interface (UPI). What are the guidelines for registration and revocation of e-mandate? A customer desirous of opting for e-mandate facility shall undertake a one-time registration process. The mandate shall be registered only after successful validation of additional factor of authenticati...
Post a Comment
Read more

Guidelines to facilitate faster cross-border inward payments

Reserve Bank of India (RBI) has issued guidelines to facilitate faster cross-border inward payments. What is the rationale behind the guidelines? The RBI’s Payments Vision 2025 aims to bring efficiency in the cross-border payments aligning with the G20 roadmap for cross-border payments that has set targets for achieving cheaper, faster, more transparent, and more accessible cross-border payments. One of the challenges with speed of cross-border payments is experienced at the beneficiary leg i.e., the time taken from receipt of the payment at the beneficiary bank till credit to the beneficiary account. What are the guidelines to facilitate faster cross-border inward payments? Banks shall inform their customer of the receipt of cross-border inward transactions immediately on receipt of inward message. Messages received after close of operating hours of banks shall be informed to customer immediately at the start of the next business day. Banks shall undertake reconciliation and confirmat...
1 comment
Read more

Utkarsh 2029

Reserve Bank of India (RBI) has published its medium-term strategy framework – Utkarsh 2029, for the period April 2026 to March 2029. Utkarsh RBI had first formulated its medium-term strategy framework, viz. ‘Utkarsh 2022’ for the period 2019-2022 in July 2019, replacing its annual action plans as the latter spanned over a short period, insufficient to pursue strategic objectives.  The strategic framework contained, inter alia, RBI’s Mission, Core Purpose, Values and Vision Statements, reiterating RBI’s commitment to the Nation. It became a medium-term strategy document guiding RBI’s progress towards realisation of the identified milestones. The subsequent strategy framework, i.e., ‘Utkarsh 2.0’, spanned the period 2023-25. Utkarsh 2029  Utkarsh 2029 is the medium-term strategy framework for the period April 2026 to March 2029. Utkarsh 2029 has a 3-layered structure consisting of strategy pillars guided by the vision and values of RBI. Vision of Utkarsh 2029 – Continue excelle...
Post a Comment
Read more

Credit Information Reporting

Reserve Bank of India (RBI) had issued directions on credit information reporting by the regulated entities. What are Credit Information Companies (CICs)? Credit Information Companies (CICs) mean companies that have been granted a certificate of registration by RBI under section 5 of the Credit Information Companies (Regulations) Act, 2005 (CICRA).  The following CICs are registered with RBI – CRIF High Mark Credit Information Services Private Limited Equifax Credit Information Services Private Limited Experian Credit Information Company of India Private Limited TransUnion CIBIL Limited What are Credit Institutions (CIs)? Credit Institutions (CIs) mean the following institutions – Commercial Banks  Small Finance Banks (SFBs) Local Area Banks (LABs) Regional Rural Banks (RRBs) Primary (Urban) Co-operative Banks (UCBs) Rural Co-operative Banks – State Co-operative Banks (StCBs) Central Co-operative Banks (CCBs) All India Financial Institutions (AIFIs) regulated by RBI – Export I...
Post a Comment
Read more

Guidelines on Money Changing Activities (Updated as on April 02, 2026)

Reserve Bank of India (RBI) has updated the guidelines on money changing activities. Who is Authorised Person? Authorised Person means an authorised dealer, money changer, off-shore banking unit or any other person authorised under section 10(1) of Foreign Exchange Management Act, 1999 (FEMA) to deal in foreign exchange or foreign securities. What are the categories of Authorised Persons? Authorised Dealer (AD) Category-I – entities which are authorised by RBI to carry out all permissible current and capital account transactions. Authorised Dealer (AD) Category-II – entities which are authorised by RBI to carry out specified non-trade related current account transactions, all the activities permitted to Full Fledged Money Changers (FFMC) and any other activity as decided by RBI, and include (i) Upgraded FFMCs; (ii) Select Regional Rural Banks (RRBs); (iii) Select Urban Cooperative Banks (UCBs); and (iv) Other entities. Authorised Dealer (AD) Category-III – entities which are authorised...
Post a Comment
Read more