1. The Pali District Central Co-operative Bank Ltd., Rajasthan
Key Details
- Penalty Amount: ₹50,000
- Date of Order: March 17, 2026
- Inspecting Authority: NABARD (Position as of March 31, 2025)
- Violation: Non-compliance with KYC directions; failed to implement a system for periodic review of risk categorisation of accounts (required at least once in six months).
Root Cause Analysis (RCA)
The bank likely lacked an automated Core Banking System (CBS) trigger or a manual tracking matrix to flag accounts due for risk profiling. This points to a gap in operationalizing the ongoing due diligence aspect of KYC, treating KYC as a one-time onboarding activity rather than a dynamic lifecycle requirement.
Preventive Controls
- Implement automated CBS alerts to flag accounts 30 days prior to their 6-month risk review deadline.
- Establish a dedicated compliance desk responsible for generating and actioning monthly risk-review MIS reports.
Lessons Learnt
Regulatory focus on Anti-Money Laundering (AML) requires continuous monitoring. Periodic risk categorization is as crucial as initial customer identification to detect shifts in customer transaction behavior.
RBI Press Release
2. Loknete R.D. Appa, Kshirsagar Sahakari Bank Ltd., Maharashtra
Key Details
- Penalty Amount: ₹30,000
- Date of Order: March 11, 2026
- Inspecting Authority: RBI (Position as of March 31, 2025)
- Violation: Sanctioned loans to two of its directors (BR Act Sec 20(1)) and failed to furnish requisite information to the RBI inspecting officer (BR Act Sec 35(2)).
Root Cause Analysis (RCA)
There was a fundamental breakdown in corporate governance and conflict-of-interest checks during the loan origination process. Furthermore, the failure to provide information to regulators indicates either poor document archiving or a deliberate attempt to obscure the illicit transactions.
Preventive Controls
- Hard-code blocks in the loan origination software against PAN cards and CIFs associated with board directors and their declared relatives.
- Create an “Inspection Readiness Checklist” and designate a nodal officer to facilitate seamless data transfer during regulatory audits.
Lessons Learnt
Insider lending is treated with zero tolerance by the RBI. Transparency and full cooperation during statutory inspections are mandatory; obstructing an inspection compounds regulatory penalties.
RBI Press Release
3. Vedvyas Finance Private Limited, Odisha
Key Details
- Penalty Amount: ₹30,000
- Date of Order: March 16, 2026
- Inspecting Authority: RBI
- Violation: Failed to take prior written permission from RBI before appointing a director, which resulted in a management change exceeding 30% of its directors (excluding independent directors).
Root Cause Analysis (RCA)
The company secretarial team or legal counsel demonstrated a lack of awareness regarding NBFC governance thresholds. Board restructurings were likely executed purely from a Companies Act perspective without cross-referencing RBI Master Directions on NBFC changes in management.
Preventive Controls
- Implement a mandatory “Regulatory Clearance Matrix” that must be signed off by the Chief Compliance Officer before moving any board resolution regarding director appointments or resignations.
- Maintain a real-time tracker of the board composition percentage changes over the financial year.
Lessons Learnt
For regulated entities, sector-specific regulations supersede or run parallel to standard corporate law. Regulatory approval is a prerequisite, not an afterthought, for structural management changes.
RBI Press Release
4. The Mysore and Chamarajnagar District Co-operative Central Bank Limited, Karnataka
Key Details
- Penalty Amount: ₹1,00,000
- Date of Order: March 20, 2026
- Inspecting Authority: NABARD (Position as of March 31, 2025)
- Violation: Held shares in a co-operative society (Contravention of BR Act Sec 19) and failed to upload KYC records onto the Central KYC Records Registry (CKYCR) within timelines.
Root Cause Analysis (RCA)
The violation indicates a dual failure: an investment policy oversight leading to unauthorized capital allocation in another society, and technological/operational bottlenecks preventing the timely digitization and API transmission of KYC records to the national registry.
Preventive Controls
- Conduct a comprehensive audit of the investment portfolio to immediately divest non-compliant equity holdings.
- Integrate the account opening module with CKYCR APIs to ensure automated data pushing, eliminating manual batch upload delays.
Lessons Learnt
Strict adherence to capital deployment limits is essential to protect depositor funds. Additionally, participation in centralized databases (CKYCR) is mandatory for systemic integrity, and technological delays are not acceptable excuses.
RBI Press Release
5. The Kodagu District Co-operative Central Bank Limited, Karnataka
Key Details
- Penalty Amount: ₹1,00,000
- Date of Order: March 20, 2026
- Inspecting Authority: NABARD (Position as of March 31, 2025)
- Violation: Sanctioned director-related loans, contravening BR Act Section 20.
Root Cause Analysis (RCA)
Similar to the Loknete R.D. Appa case, this stems from poor credit appraisal mechanisms where related-party identifiers were either ignored, manually overridden by senior management, or simply not captured during the loan application stage.
Preventive Controls
- Enforce an annual, mandatory ‘Declaration of Interests’ updating process for all board members, listing all relative businesses.
- Introduce an independent secondary review in the credit sanctioning committee specifically dedicated to flagging related-party transactions.
Lessons Learnt
Fiduciary responsibility in cooperative banking prohibits self-dealing. Boards must be educated on the stringent legal boundaries regarding borrowing from the institutions they govern.
RBI Press Release
6. The Tanur Co-operative Urban Bank Limited, Kerala
Key Details
- Penalty Amount: ₹50,000
- Date of Order: March 20, 2026
- Inspecting Authority: RBI (Position as of March 31, 2025)
- Violation: Failed to upload the KYC records of customers onto the Central KYC Records Registry (CKYCR).
Root Cause Analysis (RCA)
A lack of IT infrastructure or dedicated operational bandwidth. The bank likely continued to store KYC documents locally in physical or disjointed digital formats without bridging the gap to the centralized government registry.
Preventive Controls
- Deploy a dedicated task force to clear the CKYCR upload backlog within a targeted timeframe.
- Make CKYCR upload a mandatory, unskippable step in the daily branch-level end-of-day (EOD) checklist.
Lessons Learnt
Co-operative urban banks must rapidly modernize their tech stacks. Compliance with national data registries is not optional and requires committed IT budgets and staff training.