1. Sarvodaya Commercial Cooperative Bank Ltd., Mehsana, Gujarat
Penalty: ₹5 lakh
Key Details:
- Excess donations to trusts beyond regulatory ceiling.
- Misrepresentation of financial statements (profits and assets).
- Delayed concurrent audit and lack of simultaneous checks.
- Improper NPA categorisation.
- No periodic review of account risk categorisation (should be 6 months).
RCA:
- Weak governance and compliance monitoring.
- Ineffective internal audit and oversight.
- Lack of adherence to KYC and asset classification norms.
- Failure in timely and accurate reporting mechanisms.
Preventive Controls:
- Strengthen Board-level oversight on donations and charitable spending.
- Implement automated MIS for accurate financial statement reporting.
- Establish robust concurrent audit framework with real-time checks.
- Deploy NPA monitoring tools integrated with CBS.
- Set up alerts for semi-annual risk categorisation reviews.
Lessons Learnt:
- Regulatory ceilings are absolute; even minor excesses attract penalties.
- Transparency in financial reporting is non-negotiable.
- Compliance must be embedded into operations, not post-facto.
RBI Press Release
2. Sardargunj Mercantile Co-operative Bank Ltd., Patan, Gujarat
Penalty: ₹1 lakh
Key Details:
- Accepted interest-free deposits in accounts other than current accounts.
RCA:
- Lack of awareness/training on RBI’s “Interest Rate on Deposits” directions.
- Weak compliance check before accepting deposits.
Preventive Controls:
- Update deposit policy to disallow non-permissible interest-free deposits.
- Train frontline staff on RBI deposit guidelines.
- Introduce system-level restrictions in CBS for deposit product validation.
Lessons Learnt:
- Even small violations in deposit acceptance invite penalties.
- Compliance awareness at branch level is critical.
RBI Press Release
3. Maharashtra Gramin Bank, Aurangabad
Penalty: ₹4.20 lakh
Key Details:
- Delayed reporting of frauds to NABARD.
- No system for periodic review of risk categorisation of accounts.
RCA:
- Inadequate fraud monitoring and reporting mechanism.
- Weak KYC/risk categorisation framework.
Preventive Controls:
- Establish fraud reporting SOP with escalation timelines.
- Integrate fraud detection alerts in OSS/FMS.
- Automate periodic risk categorisation reviews.
Lessons Learnt:
- Delay in fraud reporting erodes regulator’s trust.
- Risk categorisation is a continuous obligation, not a one-time task.
RBI Press Release
4. Shree Bharat Co-operative Bank Ltd., Vadodara, Gujarat
Penalty: ₹2.50 lakh
Key Details:
- No system of Internal Audit.
- Failed to identify and classify NPAs on an ongoing basis.
- No periodic review of risk categorisation of accounts.
RCA:
- Weak internal control framework.
- Over-reliance on external audits without internal checks.
- Lack of continuous monitoring of advances.
Preventive Controls:
- Implement internal audit function with defined charter and reporting lines.
- Automate NPA recognition in CBS.
- Conduct half-yearly risk categorisation reviews.
Lessons Learnt:
- Internal audit is a critical first line of defense.
- Failure to identify NPAs timely leads to regulatory action and reputational loss.
RBI Press Release
5. Uma Co-operative Bank Ltd., Vadodara, Gujarat
Penalty: ₹1 lakh
Key Details:
- Failed to conduct internal audit from April 2022 to March 2024.
RCA:
- Governance lapse with no audit oversight for 2 years.
- Possible resource or policy neglect in audit scheduling.
Preventive Controls:
- Maintain audit calendar with Board approval.
- Mandate audit completion as per RBI timelines.
- Escalate delays directly to Audit Committee of the Board.
Lessons Learnt:
- Skipping internal audits is a direct red flag to RBI.
- Audit is not optional — it is a regulatory requirement.
RBI Press Release
Overall Insights
- Common Issues: Internal audit gaps, delayed reporting, weak KYC/risk categorisation, and improper NPA classification.
- Regulatory Expectation: Banks must demonstrate a culture of proactive compliance, not reactive correction.
- ERM Implication: Non-compliance penalties impact reputation and capital; embedding risk and compliance culture is essential.