1. IIFL Samasta Finance Limited
Key Details
- Penalty Amount: ₹3.90 lakh.
- Regulatory Violation: Non-compliance with ‘Know Your Customer (KYC)’ and ‘Fraud Risk Management in NBFCs’ directions.
- Specific Failures: The company failed to put in place robust software for the effective identification and reporting of suspicious transactions. Additionally, it failed to disclose correct details of frauds reported for the financial year 2024-25 within the Financial Statement – Notes to Accounts.
Root Cause Analysis (RCA)
The failure indicates an inadequate or outdated IT infrastructure that lacked automated logic to flag anomalous transaction patterns. Furthermore, the incorrect financial disclosures point to a breakdown in inter-departmental reconciliation between the fraud monitoring unit and the financial reporting/accounting teams.
Preventive Controls
- Deploy comprehensive Anti-Money Laundering (AML) software equipped with AI/ML capabilities to automate suspicious transaction identification.
- Implement a strict “Maker-Checker” validation process for drafting and approving the ‘Notes to Accounts’ before finalizing annual financial statements.
Lessons Learned
Robust technological infrastructure is no longer optional but a baseline requirement for KYC compliance. Transparency in financial reporting is strictly enforced by regulators, meaning operational errors in public disclosures will attract direct monetary penalties.
RBI Press Release
2. True Credits Private Limited
Key Details
- Penalty Amount: ₹3.10 lakh.
- Regulatory Violation: Non-compliance with ‘Know Your Customer (KYC)’ Directions.
- Specific Failures: The company did not undertake Enhanced Due Diligence (EDD) measures for certain customers who were onboarded via non-face-to-face modes.
Root Cause Analysis (RCA)
The failure points to a flaw in the digital onboarding (V-CIP/e-KYC) workflow system. The risk-scoring algorithm likely failed to correctly categorize remote applicants as higher-risk, or the system lacked a mandatory trigger to halt remote onboarding until EDD was manually completed.
Preventive Controls
- Redesign the digital onboarding flow to enforce mandatory EDD documentation collection before activating non-face-to-face accounts.
- Institute periodic internal audits specifically targeting accounts opened via digital channels to ensure EDD compliance gaps are caught early.
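The two controls above, sketched as an added example (not code from the company or the RBI): an activation gate that fails closed for any channel not positively known to be face-to-face, plus the periodic audit that finds already-active accounts with no EDD on record. Channel names, field names and the sample records are hypothetical and constructed for illustration.

```python
# Added example: fail-closed EDD gate and gap audit for digital onboarding.
# All channel names and fields below are assumptions, not a real system's schema.
from dataclasses import dataclass
from typing import Optional

# Allowlist of channels treated as in-person; everything else needs EDD,
# so a newly added or misspelled channel cannot silently skip the check.
FACE_TO_FACE = {"branch"}


@dataclass
class Application:
    customer_id: str
    channel: str
    edd_completed_by: Optional[str] = None  # reviewer id set after manual EDD
    edd_documents: tuple = ()               # evidence collected during EDD
    active: bool = False


def requires_edd(app):
    """EDD is required unless the channel is on the face-to-face allowlist."""
    return app.channel not in FACE_TO_FACE


def edd_satisfied(app):
    """EDD counts only with a named reviewer and at least one document."""
    return bool(app.edd_completed_by) and len(app.edd_documents) > 0


def activate(app):
    """Activate the account, or refuse if the EDD gate is not met."""
    if requires_edd(app) and not edd_satisfied(app):
        raise PermissionError(
            f"{app.customer_id}: EDD incomplete for channel {app.channel!r}")
    app.active = True
    return app


def audit_edd_gaps(accounts):
    """Periodic audit: active accounts that needed EDD but have none recorded."""
    return [a.customer_id for a in accounts
            if a.active and requires_edd(a) and not edd_satisfied(a)]


# Constructed sample portfolio, including accounts opened before the gate existed.
SAMPLE = [
    Application("C001", "branch", active=True),
    Application("C002", "ekyc_otp", "rev7", ("income_proof",), active=True),
    Application("C003", "ekyc_otp", active=True),     # remote, no EDD recorded
    Application("C004", "partner_api", active=True),  # channel not on allowlist
]

if __name__ == "__main__":
    print(audit_edd_gaps(SAMPLE))
```

The allowlist direction matters: listing the remote channels instead would let an unrecognised channel such as the constructed `partner_api` bypass EDD by default.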
Lessons Learned
While non-face-to-face onboarding provides business scale, it inherently carries higher money-laundering risks. Regulators expect these channels to be gatekept with stringent, actively managed due diligence measures.
RBI Press Release
3. The Karnal Central Cooperative Bank Limited, Haryana
Key Details
- Penalty Amount: ₹3 lakh.
- Regulatory Violation: Non-compliance with KYC directions.
- Specific Failures: The bank failed to put in place a system for the periodic review of risk categorisation of accounts. It also failed to implement robust software for identifying and reporting suspicious transactions.
Root Cause Analysis (RCA)
The bank relied heavily on static, manual KYC processes without continuous monitoring. The absence of a dynamic risk-scoring system meant customer profiles were not updated based on their evolving financial behavior.
Preventive Controls
- Integrate an automated Risk Categorisation Module within the Core Banking System (CBS) that flags accounts for periodic KYC updates based on their risk bucket (Low/Medium/High).
- Procure and operationalize standard AML tracking software suitable for cooperative banking volumes.
Lessons Learned
KYC is not a one-time onboarding activity. Cooperative banks must modernize their legacy systems to continuously monitor account risks and transaction patterns to remain compliant.
RBI Press Release
4. Repco Home Finance Limited
Key Details
- Penalty Amount: ₹70,000.
- Regulatory Violation: Non-compliance with the ‘Fair Practice Code’.
- Specific Failures: The company failed to disclose its approach for gradation of risk and the rationale for charging different rates of interest to different categories of borrowers within its application forms and sanction letters.
Root Cause Analysis (RCA)
The failure stems from an omission in the design of standard customer-facing documentation. The legal and product teams failed to translate internal pricing policies into transparent consumer disclosures during the template drafting phase.
Preventive Controls
- Overhaul all loan application forms and sanction letter templates to include a mandatory, clear section explaining the risk-based pricing rationale.
- Establish an annual compliance review of all customer-facing documentation against the latest Fair Practice Code guidelines.
Lessons Learned
Pricing transparency is a core pillar of consumer protection. Borrowers have a regulatory right to understand exactly why they are being assigned a specific interest rate based on their risk profile.
RBI Press Release
5. The Amravati Merchants Sahakari Bank Ltd., Maharashtra
Key Details
- Penalty Amount: ₹50,000.
- Regulatory Violation: Non-compliance regarding ‘Loans and Advances to Directors, their Relatives, and Firms / Concerns in which they are Interested’.
- Specific Failures: The bank had inappropriately sanctioned certain director-related loans.
Root Cause Analysis (RCA)
The failure reflects a breakdown in corporate governance and conflict-of-interest checks during the credit underwriting process. Board members or their affiliates bypassed standard exclusionary protocols.
Preventive Controls
- Implement a mandatory “Conflict of Interest” declaration for all loan applications.
- Configure hard-stops in the loan origination system using a database of Directors and their known relatives/associated entities, requiring exceptional external compliance approval to bypass.
Lessons Learned
Insider lending regulations are strictly enforced to protect depositor funds. Cooperative banks must uphold rigorous corporate governance standards, and credit committees must operate independently of board influence.