Progressive Mercantile Co-operative Bank Limited
Key Details
- Penalty Imposed: The Reserve Bank of India (RBI) imposed a monetary penalty of ₹3 lakh on Progressive Mercantile Co-operative Bank Limited in Ahmedabad, Gujarat, via an order dated September 8, 2025.
- Reason for Penalty: The penalty was imposed for non-compliance with certain RBI directives related to ‘Inspection & Audit Systems in Primary (Urban) Co-operative Banks’, ‘Know Your Customer’ (KYC), and ‘Customer Protection Limiting Liability of Customers of Co-operative Banks in Unauthorized Electronic Banking Transactions’.
- Inspection Period: The non-compliance was identified during a statutory inspection of the bank’s financial position as of March 31, 2024.
Root Cause Analysis (RCA)
Based on the supervisory findings, the root causes for the bank’s non-compliance likely stem from systemic and procedural failures.
- Audit System Failures: The bank conducted concurrent audits on a quarterly basis instead of performing a simultaneous check of transactions, and audit reports were submitted with delays. The purpose of concurrent audit is to provide an early warning system to detect irregularities and lapses in a timely manner, which the bank failed to do. The delay suggests a lack of sufficient staffing or an inefficient process for auditing, which undermines the continuous, forward-looking nature of a concurrent audit.
- KYC and Customer Protection Lapses: The bank failed to periodically review the risk categorization of certain accounts, which is required at least once every six months. This indicates a lack of a robust system to monitor and update customer risk profiles, which is a key component of KYC norms. Additionally, the bank failed to enable customers to instantly respond to SMS alerts for unauthorized electronic banking transactions. This failure suggests inadequate implementation of the required technology or a deficiency in the customer protection policy, leaving customers vulnerable to fraudulent activities.
Preventive Controls
To prevent similar non-compliance issues, the bank should implement the following controls:
- Strengthen Internal Audit: The bank must transition from a quarterly concurrent audit to a continuous, real-time auditing process. This can be achieved by leveraging technology, such as audit automation platforms, to monitor transactions as they occur. The bank should also establish a clear and strict timeline for report submission and ensure sufficient human resources are dedicated to the audit function.
- Automate KYC Reviews: The bank needs to automate its system for periodic risk categorization reviews. An automated system can flag accounts for review based on transaction patterns or a predefined schedule, ensuring reviews are completed at least every six months as required. This reduces the risk of human error and ensures timely compliance.
- Enhance Customer Protection: The bank must enable a two-way communication system for SMS alerts, allowing customers to instantly reply to object to unauthorized transactions. This requires an upgrade to their electronic banking system to support the ‘reply’ function and to integrate it with their fraud detection and customer service teams.
Lessons Learned
The penalty serves as a reminder that regulatory compliance is not a one-time task but an ongoing commitment. The key takeaways for the bank are:
- Proactive Compliance is Crucial: Banks must shift from a reactive to a proactive compliance model. This means regularly reviewing internal processes and systems against the latest RBI guidelines to identify and fix deficiencies before an inspection reveals them.
- Technology is a Key Enabler: Manual processes are often prone to delays and errors. Investing in and effectively using technology for concurrent audits and customer protection can significantly improve compliance and efficiency.
- Integrity of Regulatory Frameworks: Failing to adhere to key regulatory frameworks like KYC and audit systems exposes the bank to significant operational and reputational risks. The penalty highlights the RBI’s stringent enforcement of these norms to ensure the safety and soundness of the banking sector and protect customer interests.
RBI Press Release
Sikkim State Co-operative Bank Limited
Key Details
- Penalty Imposed: The RBI imposed a monetary penalty of ₹50,000 on Sikkim State Co-operative Bank Ltd. through an order dated September 8, 2025.
- Reason for Penalty: The bank was penalized for non-compliance with RBI directions on ‘Know Your Customer (KYC)’.
- Inspection Period: The non-compliance was discovered during a statutory inspection conducted by the National Bank for Agriculture and Rural Development (NABARD) with reference to the bank’s financial position as of March 31, 2024.
Root Cause Analysis (RCA)
The core issue leading to the penalty was the bank’s failure to upload the KYC records of customers to the Central KYC Records Registry (CKYCR) within the prescribed timeline. The RCA for this failure likely includes:
- Procedural Inefficiency: The bank may have a manual or semi-automated process for uploading KYC records, which could be slow and prone to backlogs. This can result in a significant delay between customer onboarding and the actual uploading of their records to the CKYCR.
- Lack of Prioritization: The bank might not have prioritized the timely submission of KYC data to the central registry. This could be due to a lack of awareness of the regulatory timelines or an underestimation of the importance of CKYCR compliance.
- Technical Issues: There could be technical glitches or a lack of proper integration between the bank’s internal systems and the CKYCR portal, leading to data upload failures or rejections. Mismatches in data, such as with PIN codes, can also cause records to be rejected upon upload.
Preventive Controls
To prevent future penalties related to CKYCR non-compliance, the bank should implement the following:
- Automated and Timely Uploads: The bank must ensure that its systems are configured to automatically upload KYC records to the CKYCR within the prescribed timeline, which is typically within three days of establishing a customer relationship.
- Dedicated Compliance Team: The bank should designate a specific team or officer to oversee CKYCR compliance, ensuring all data is accurate and uploaded on time. This team would be responsible for monitoring the status of uploads and addressing any rejections or issues promptly. * Regular Audits and Reconciliation: The bank should perform regular internal audits to reconcile the number of new accounts opened with the number of KYC records successfully uploaded to the CKYCR. This will help identify any discrepancies and address them immediately.
Lessons Learned
The penalty on Sikkim State Co-operative Bank underscores the importance of adhering to CKYCR regulations. Key lessons include:
- Compliance with CKYCR is Mandatory: The CKYC system is a critical component of India’s anti-money laundering (AML) and combating the financing of terrorism (CFT) framework. Banks are legally obligated to follow the rules and timelines for uploading customer data to this central registry.
- Regulatory Scrutiny is High: The RBI and other supervisory bodies, like NABARD, are actively monitoring for lapses in KYC compliance. Banks must be aware that non-compliance will be detected and penalized, regardless of the bank’s size.
- Consequences Beyond Penalties: While the monetary penalty is a direct consequence, non-compliance also carries risks of reputational damage, operational restrictions, and increased scrutiny from regulators.