Executive Summary: The Reserve Bank of India (RBI) has imposed a monetary penalty on The Hongkong and Shanghai Banking Corporation Limited. The penal action follows a statutory Inspection for Supervisory Evaluation (ISE) based on the bank’s financial position as of March 31, 2025, which revealed critical lapses in the management and reporting of Inoperative Accounts and Unclaimed Deposits.
1. Key Details of the Penalty
| Regulator | Reserve Bank of India (RBI) |
|---|---|
| Entity Penalised | The Hongkong and Shanghai Banking Corporation Limited |
| Penalty Amount | ₹ 31.80 Lakh (Rupees Thirty One Lakh Eighty Thousand) |
| Date of Order | March 18, 2026 |
| Statutory Provisions | Section 47 A(1)(c) read with Section 46(4)(i) of the Banking Regulation Act, 1949 |
| Primary Violations |
|
2. Root Cause Analysis (RCA)
While the regulatory order highlights the functional failures, an operational analysis suggests the following probable root causes:
- IT System Integration Gap: Lack of automated synchronization between the Core Banking System (CBS) where DEA funds are processed and the public-facing Web Content Management System (CMS) responsible for hosting the searchable database.
- Change Management Deficiencies: Inadequate tracking and delayed implementation of RBI’s ‘Revised Instructions’ regarding the technical mandate to generate specific Unclaimed Deposits Reference Numbers (UDRN).
- Oversight in Compliance Monitoring: Failure of internal concurrent audits and compliance testing routines to identify the absence of the UDRN generation and the missing web database before the statutory RBI inspection.
3. Preventive Controls & Remediation
To mitigate future risks and align with regulatory expectations, the following controls should be institutionalized:
- Automated UDRN Logic Integration: Deploy a system-level logic within the CBS to automatically generate and assign a unique UDRN the moment an account is flagged for transfer to the DEA Fund.
- Real-Time Database Syncing: Establish an API-driven integration to securely feed unclaimed deposit data (excluding sensitive PII) directly to the bank’s website to ensure the searchable database is always current and compliant.
- Pre-transfer Validation Checkers: Implement a hard-stop validation in the DEA fund transfer workflow that prevents any funds from being moved without an attached, valid UDRN.
- Targeted Regulatory Audits: Introduce quarterly internal IT-compliance audits specifically focused on customer-facing regulatory portals (like unclaimed deposits) rather than just backend financial accuracy.
4. Lessons Learnt
- Customer-Centric Directives are High Priority: RBI is increasingly strict regarding guidelines that directly impact customer awareness and recovery of funds (like the DEA fund and searchable databases). These cannot be treated as secondary compliance items.
- Technology must keep pace with Regulation: Compliance is no longer just a legal function; it is heavily reliant on IT infrastructure. Delays in IT deployment directly result in regulatory breaches.
- Reputational Impact: While the monetary penalty (₹31.80 lakh) may be financially immaterial to a large institution, the public disclosure of failing to assist customers in finding their unclaimed deposits carries significant reputational risk.