THE F.A.B. Newsletter- August 2024


Fraud Risk Management

(RBI vide circular dated 15.07.2024.)

Applicability: The guidelines issued vide the said circular are applicable to all commercial banks and Financial Institutions including Exim Bank, SIDBI, NABARD, NaBFID, NHB.

Governance Structure: All banks shall have an approved policy on fraud risk management, ensuring the principles of natural justice, in which the roles and responsibilities of the Board / Board committees and senior management of the bank shall be delineated. At a minimum, the policy shall include:

  • Issuance of Show Cause Notice (SCN) to the Persons, Entities and their Promoters / whole-time and executive directors against whom allegations of fraud are being examined. The SCN shall provide complete details of the transactions / actions / events on the basis of which declaration and reporting of a fraud is being contemplated under the directions.
  • A reasonable time of not less than 21 days shall be provided to the parties to whom the notice is given.
  • The banks shall have a well laid out system for issuance of SCN and examination of the responses / submissions made by the Persons / Entities prior to declaring such Persons / Entities as fraudulent.
  • A reasoned order shall be served on the Persons / Entities conveying the decision of the bank regarding declaration / classification of the account as fraud or otherwise. Such order(s) must contain the relevant facts / circumstances relied upon, the submission made against the SCN and the reasons for classification as fraud or otherwise.

The policy shall be reviewed by the Board at least once in three years or more frequently as the board may prescribe.

Special Committee of the Board for Monitoring and Follow up of cases of Fraud: Banks shall constitute a Special Committee of the Board for Monitoring and Follow up of cases of Fraud (SCBMF) with a minimum of three members of the Board, consisting of a whole-time director and a minimum of two independent directors / non-executive directors.

The committee shall oversee the effectiveness of the fraud risk management of the bank.  It shall review and monitor cases of fraud, including root cause analysis and suggest mitigating measures for strengthening the internal controls, risk management framework and minimizing the incidents of frauds. 

Role of Senior Management: It shall be responsible for implementation of the fraud risk management policy approved by the board.  A periodic review of the incidents of fraud shall be placed before the board/audit committee of the board. 

A senior official of the bank not below the rank of General Manager shall be responsible for monitoring and reporting of frauds.

Early Detection of Frauds – Framework for Early Warning Signals (EWS) and Red Flagging of Accounts (RFA)

Banks shall have a framework for Early Warning Signals (EWS) and Red Flagging of Accounts (RFA) under the overall Fraud Risk Management Policy approved by the Board.  The Risk Management Committee of the Board (RMCB) shall oversee the effectiveness of the framework for EWS and RFA. The Senior Management shall be responsible for implementation of a robust Framework for EWS and RFA within the bank. 

  • The EWS indicators identified for monitoring credit facilities / loan accounts and other banking transactions shall be approved by the RMCB. Appropriate Turnaround Time (TAT), preferably not more than 30 days, for examination of EWS alerts / triggers shall be prescribed by the RMCB.

EWS / RFA Framework for Credit Facilities / Loan Accounts

The EWS system shall be comprehensive and designed to include both the quantitative and qualitative indicators to make the framework robust and effective.

Data Analytics and Market Intelligence (MI) Unit: Banks shall set up a dedicated Data Analytics and MI Unit keeping in view their size, complexity, business mix, risk profile, etc. Such Unit shall facilitate collection and processing of relevant information to enable early detection and prevention of potentially fraudulent activities. An account meeting the CRILC reporting threshold by the reporting entity, once red flagged, shall be reported to the Reserve Bank within seven days of being red flagged.

EWS Framework for other banking / non-credit related transactions

Banks shall develop / strengthen their EWS system by identifying suitable indicators and parameterising them in their EWS system for monitoring other banking / non-credit related transactions within 6 months of the issuance of these directions. 

Credit facility / Loan account classified as Red-flagged Account and Reporting of Fraud

In case of a credit facility / loan account classified as red-flagged account, banks shall use an external audit or an internal audit as per their Board approved Policy, for further investigation in such accounts.

The loan agreement with the borrower shall contain clauses for conduct of such audit at the behest of lender(s) consequent upon red flagging of the account. In cases where the audit report submitted remains inconclusive or is delayed due to non-cooperation by the borrower, banks shall conclude on status of the account as a fraud or otherwise based on the material available on their record and their own internal investigation / assessment in such cases. 

The decision to classify any account, either standard or NPA, as a red-flagged account shall be at the individual bank level and such bank(s) shall report the status of the account on the Reserve Bank’s CRILC platform immediately (not later than seven days from date of classification as red-flagged account).

Once an account has been red-flagged, the entire process of classification of the account as fraud or removal of red-flagged status shall ordinarily be completed within 180 days from the date of first reporting of the account as red-flagged on the CRILC platform. Cases remaining in red-flagged status beyond 180 days shall be reported to the SCBMF for review with adequate reasoning / justification thereof. Such cases shall also be subject to supervisory review by the Reserve Bank.

In case an account is identified as a fraud by any bank, the borrowal accounts of other group companies, in which one or more promoter(s) / whole-time director(s) are common, shall also be subjected to examination by banks concerned from fraud angle under these Directions.

In cases where Law Enforcement Agencies (LEAs) have suo moto initiated investigation involving a borrower account, bank/s shall immediately red-flag the account and follow the usual process for classification of account as fraud and complete the same within the stipulated period. 

Independent confirmation from the third-party service providers including professionals

Banks place reliance on various third-party service providers as part of pre-sanction appraisal and post-sanction monitoring. Therefore, banks may incorporate necessary terms and conditions in their agreements with third-party service providers to hold them accountable in situations where wilful negligence / malpractice by them is found to be a causative factor for fraud.

Banks shall, after complying with the principles of natural justice, report to Indian Banks’ Association (IBA) the details of such third parties or professionals involved in frauds. IBA would, in turn, prepare caution lists of such third parties for circulation among the banks.

Staff Accountability

Banks shall initiate and complete the examination of staff accountability in all fraud cases in a time-bound manner in accordance with their internal policy.

PSBs and AIFIs shall conduct examination of staff accountability as per the guidelines issued by the Central Vigilance Commission (CVC). In terms of CVC Order, PSBs and AIFIs shall also refer all fraud cases of amount involving ₹3 crore and above for examining the role of all levels of officials / whole-time directors (including ex-officials / ex-WTDs) to the Advisory Board for Banking and Financial Frauds (ABBFF) constituted by the CVC.

In cases involving very senior executives of the bank (MD & CEO / Executive Director / Executives of equivalent rank), the ACB shall initiate examination of their accountability and place it before the Board. However, in case of PSBs and AIFIs, such cases shall also be referred to the ABBFF.

Penal Measures

Persons / Entities classified and reported as fraud by banks and also Entities and Persons associated with such Entities, shall be debarred from raising of funds and / or seeking additional credit facilities from financial entities regulated by RBI, for a period of five years from the date of full repayment of the defrauded amount / settlement amount agreed upon in case of a compromise settlement.

Lending to such Persons / Entities, being commercial decisions, the lending banks shall have the sole discretion to entertain or decline such requests for credit facilities after the expiry of the mandatory cooling period. 

Treatment of accounts under Resolution

In case an entity classified as fraud has subsequently undergone a resolution either under IBC or under the resolution framework of RBI resulting in a change in the management and control of the entity / business enterprise, the bank shall examine whether the entity shall continue to remain classified as fraud or the classification as fraud could be removed after implementation of the Resolution Plan under IBC or aforesaid prudential framework. This would, however, be without prejudice to the continuance of criminal action against erstwhile promoter(s) / director(s) / person(s) who were in charge and responsible for the management of the affairs of the entity / business enterprise.

The penal measures as detailed above shall not be applicable to entities / business enterprises after implementation of the Resolution Plan under IBC or aforesaid prudential framework.

The penal measures as detailed shall continue to apply to the erstwhile promoter(s) / director(s) / persons who were in charge and responsible for the management of the affairs of the entity / business enterprise.

Reporting of Frauds to Law Enforcement Agencies (LEAs)

Banks shall immediately report the incidents of fraud to LEAs, subject to applicable laws, as indicated below:

| Category of bank | Amount involved in the fraud | LEA to whom complaint should be lodged | Remarks |
|---|---|---|---|
| Private Sector / Foreign Banks | Below ₹1 crore | State / Union Territory (UT) Police | |
| | ₹1 crore and above | In addition to State/UT Police, Serious Fraud Investigation Office (SFIO), Ministry of Corporate Affairs, Government of India | Details of fraud are to be reported to SFIO in Fraud Monitoring Return (FMR) format. |
| Public Sector Banks / Regional Rural Banks | (a) Below ₹6 crore | State / UT Police | |
| | (b) ₹6 crore and above | Central Bureau of Investigation (CBI) | |

Banks shall establish suitable nodal point(s) / designate officer(s) for reporting incidents of fraud to LEAs and for proper coordination to meet the requirements of the LEAs.

Reporting of Incidents of Fraud to Reserve Bank of India (RBI)

To ensure uniformity and consistency while reporting incidents of fraud to RBI through Fraud Monitoring Returns (FMRs) using online portal, banks shall choose the most appropriate category from any one of the following:

  1. Misappropriation of funds and criminal breach of trust;
  2. Fraudulent encashment through forged instruments;
  3. Manipulation of books of accounts or through fictitious accounts, and conversion of property;
  4. Cheating by concealment of facts with the intention to deceive any person and cheating by impersonation;
  5. Forgery with the intention to commit fraud by making any false documents/electronic records;
  6. Wilful falsification, destruction, alteration, mutilations of any book, electronic record, paper, writing, valuable security or account with intent to defraud;
  7. Fraudulent credit facilities extended for illegal gratification;
  8. Cash shortages on account of frauds;
  9. Fraudulent transactions involving foreign exchange;
  10. Fraudulent electronic banking / digital payment related transactions committed on banks; and
  11. Other type of fraudulent activity not covered under any of the above.

Central Fraud Registry (CFR)

Modalities of Reporting Incidents of Fraud to RBI:  Banks are required to report payment system related disputed / suspected or attempted fraudulent transactions to Central Payments Fraud Information Registry (CPFIR), maintained by RBI. However, such transactions, if subsequently concluded as fraud committed on bank(s), shall invariably be reported through FMR so as to be reflected in CFR.

Modalities of Reporting Incidents of Fraud to RBI

Banks shall furnish FMR in individual fraud cases, irrespective of the amount involved, immediately, but not later than 14 days from the date of classification of an incident / account as fraud.

Banks shall also report frauds perpetrated in their group entities to RBI separately, if such entities are not regulated / supervised by any financial sector regulatory / supervisory authority. However, in case of overseas banking group entity of Indian banks, the parent bank shall also report incidents of fraud to RBI. The group entities will have to comply with the principles of natural justice before declaration of fraud.

Closure of Fraud Cases Reported to RBI

Banks shall close fraud cases using ‘Closure Module’ where the actions as stated below are complete:

  1. The fraud cases pending with LEAs / Court are disposed of; and
  2. The examination of staff accountability has been completed.

Banks are allowed, for limited statistical / reporting purposes, to close those reported fraud cases involving amount up to ₹1 crore, where examination of staff accountability and disciplinary action, if any, have been taken and:

  1. The investigation is going on or charge-sheet has not been filed in the Court by LEA for more than three years from the date of registration of First Information Report (FIR); or
  2. The charge-sheet is filed by the LEAs in trial court and the trial in the court has not commenced or is pending before the court for more than three years from the date of registration of FIR.

In all closure cases of reported frauds, banks shall maintain details of such cases for examination by auditors.

Cheque Related Frauds – Reporting to LEAs and RBI / NABARD

To ensure uniformity and avoid duplication, reporting of frauds involving forged instruments, including fake / forged instruments sent in clearing in respect of truncated instruments, shall continue to be done by the paying banker and not by the presenting banker. In such cases the presenting bank shall immediately hand over the underlying instrument to the drawee / paying bank, as and when demanded, to enable them to inform LEAs for investigation and further action under law and to report the fraud to RBI.

However, in the case of presentment of an instrument which is genuine but payment has been made to a person who is not the true owner; or where the amount has been credited before realisation and subsequently the instrument is found to be fake / forged and returned by the paying bank, the presenting bank which is defrauded or is put to loss by paying the amount before realisation of the instrument shall file the fraud report with the RBI and inform the LEAs for investigation and further action under law.

Legal Audit of Title Documents in respect of Large Value Loan Accounts

Banks shall subject the title deeds and other related title documents in respect of all credit facilities of ₹5 crore and above to periodic legal audit and re-verification, till the loan is fully repaid.

Specific to Small Finance Banks, Local Area Banks and Regional Rural Banks, the threshold amount for periodic legal audit of title deeds and other related title documents shall continue to be ₹1 crore.

Treatment of Accounts classified as Fraud and sold to other Lenders / Asset Reconstruction Companies (ARCs)

Banks shall complete the investigation from fraud angle before transferring the loan account / credit facility to other lenders / ARCs. In cases where banks conclude that a fraud has been perpetrated in the account, they shall report it to RBI / NABARD before selling the accounts to other lenders / ARCs.

‘Date of Occurrence’, ‘Date of Detection’ and ‘Date of Classification’ of Fraud – for the purpose of reporting under FMR

The ‘date of occurrence’ is the date when the actual misappropriation of funds has started taking place, or the event occurred, as evidenced / reported in the audit or other findings.

The ‘date of detection’ to be reported in FMR is the actual date when the fraud came to light in the concerned branch / audit / department, as the case may be, and not the date of approval by the competent authority of the bank.

The ‘date of classification’ is the date when due approval from the competent authority has been obtained for such classification, and the reasoned order is passed.

Reporting Cases of Theft, Burglary, Dacoity and Robbery

Banks shall report instances of theft, burglary, dacoity and robbery (including attempted cases), to Fraud Monitoring Group (FMG), Department of Supervision, Central Office, Reserve Bank of India, immediately (not later than seven days) from their occurrence. Banks shall also submit a quarterly Return (RBR) on theft, burglary, dacoity and robbery to RBI using online portal, covering all such cases during the quarter. This shall be submitted within 15 days from the end of the quarter to which it relates.
