1. HDFC Bank Limited
Key Penalty Details
| Penalty Amount | ₹ 91.00 Lakh |
| Date of Order | November 18, 2025 |
| Regulatory Violation | Contravention of Banking Regulation Act (Section 19(1)(a) & 6(1)) and specific RBI directions. |
| Specific Charges |
|
Root Cause Analysis (Inferred)
- Process Design Failure (Loans): Lack of centralized control in the Core Banking System (CBS), which allowed branch- or product-level discretion to select different interest rate benchmarks for identical loan products.
- Governance Oversight (Subsidiaries): Inadequate legal review mechanism to vet the business charters and operational activities of subsidiaries against Section 6 of the BR Act.
- Outsourcing Over-reliance: Misinterpretation of “Outsourcing Guidelines,” treating the decision-making aspect of KYC (compliance determination) as a processing task, rather than a core management function.
Recommended Preventive Controls
- Hard-coded System Logic: Implement hard-coded logic in the Loan Origination System (LOS) to enforce a single benchmark rate per loan category, and remove manual override options.
- Subsidiary Audit Framework: Conduct quarterly “Permissible Business” audits for all subsidiaries to ensure activities align strictly with banking regulations.
- Maker-Checker for KYC: Ensure that while agents may collect documents, the final “Verified” status in the system can only be marked by a bank employee (Maker-Checker model).
Lessons Learnt
Compliance is non-delegable. Even when operations are outsourced or pushed to subsidiaries, the parent bank retains full regulatory liability. Specifically, core decision-making functions (like KYC verification or defining business scope) cannot be outsourced to third parties or algorithms without direct bank oversight.
RBI Press Release
2. Mannakrishna Investments Private Limited
Key Penalty Details
| Penalty Amount | ₹ 3.10 Lakh |
| Date of Order | November 25, 2025 |
| Regulatory Violation | Non-compliance with ‘NBFC Scale Based Regulation Directions, 2023’ regarding Governance Issues. |
| Specific Charges | Failure to take prior written permission from RBI before appointing a director, resulting in a change of management (change exceeding 30% of directors). |
Root Cause Analysis (Inferred)
- Knowledge Gap: Lack of awareness regarding the specific “Change in Management” clause within the Master Directions, specifically the 30% threshold rule.
- Procedural Lapse: The Secretarial department likely treated the appointment as a standard Companies Act procedure without cross-referencing RBI’s specific prior-approval requirements for NBFCs.
Recommended Preventive Controls
- Board Composition Matrix: Maintain a live “Board Matrix” dashboard that triggers an alert if proposed changes impact >25% of the director count, providing an early warning before hitting the 30% regulatory limit.
- Regulatory Impact Assessment (RIA): Mandate a signed RIA document from the Compliance Officer before any agenda item regarding Board Appointments is tabled for a meeting.
Lessons Learnt
NBFCs operate under a dual-compliance structure (Companies Act + RBI Act). Standard corporate governance practices are insufficient. Strategic changes, especially regarding Board composition and Management control, require a “Regulatory First” approach where RBI approval is a prerequisite, not a post-facto filing.
RBI Press Release
* Disclaimer: RCA and Preventive Controls are analytical inferences derived from the specific violation descriptions in the RBI Press Releases.