Reason for Penalty: Contravention of provisions of Section 20 read with Section 56 of the Banking Regulation Act, 1949 (BR Act). The bank was found to have sanctioned director-related loans. Statutory compliance based on their financial position as of March 31, 2024.
Inspection Conducted by: National Bank for Agriculture and Rural Development (NABARD).
Root Cause Analysis (RCA):
The primary cause was the bank’s failure to adhere to the regulations prohibiting loans to directors. This suggests a breakdown in internal controls and governance, where the board or management either lacked awareness of the statutory provisions or intentionally bypassed them for personal or related-party benefits. The inspection by NABARD identified this specific violation, leading to the RBI’s penalty.
Preventive Controls:
Implement and enforce a strict policy on director and related-party loans, aligned with the BR Act.
Establish a robust internal audit and compliance function to regularly review loan sanctions and flag any potential violations of statutory provisions.
Provide mandatory training for the board of directors and senior management on the latest regulatory guidelines, especially concerning lending norms and conflicts of interest.
Lessons Learned:
Banks must maintain a clear distinction between governance and business operations. Lending decisions must be free from personal influence to ensure financial stability and regulatory compliance.
Continuous monitoring and a strong compliance culture are essential to prevent statutory contraventions.
The Ahmedabad Mercantile Co-operative Bank Limited
Key Details:
Penalty Imposed: ₹23,000 (Rupees Twenty Three Thousand only).
Date of Order: September 17, 2025.
Reason for Penalty: Non-compliance with RBI directions on ‘Membership of Credit Information Companies by Co-operative Banks’. Specifically, the bank failed to submit certain credit information of its borrowers to Credit Information Companies (CICs). Statutory compliance based on their financial position as of March 31, 2024.
Inspection Conducted by: Reserve Bank of India (RBI).
Root Cause Analysis (RCA):
The failure to submit credit information indicates a lapse in the bank’s data management and reporting processes. This could be due to a lack of a clear process for data submission to CICs, technical issues with their IT systems, or a lack of understanding of the regulatory requirement.
Preventive Controls:
Automate the process of reporting borrower data to CICs to ensure timely and accurate submissions.
Conduct regular audits of data reporting mechanisms to verify compliance with RBI’s directions on credit information reporting.
Provide ongoing training to relevant staff on the importance and procedure of reporting to CICs.
Lessons Learned:
Timely and accurate reporting of credit data is crucial for maintaining a healthy credit ecosystem. Non-compliance can have systemic repercussions and warrants strict action.
Technology and well-defined processes are vital for meeting regulatory reporting obligations.
Penalty Imposed: ₹3.75 lakh (Rupees Three lakh seventy five thousand only).
Date of Order: September 17, 2025.
Reason for Penalty: Non-compliance with directions on ‘Reporting of Unusual Cyber Security Incidents’. The bank failed to report incidents like unplanned downtime that led to significant customer service disruptions due to the non-availability of its IT systems. Statutory compliance based on their financial position as of March 31, 2024.
Inspection Conducted by: Reserve Bank of India (RBI).
Root Cause Analysis (RCA):
The bank’s failure to report cyber security incidents points to a weak or non-existent incident response protocol. This could be caused by a lack of a dedicated IT security team, an unclear reporting hierarchy, or an attempt to conceal service disruptions.
Preventive Controls:
Implement a comprehensive cyber security incident response plan with clear roles, responsibilities, and reporting timelines.
Establish a dedicated channel for promptly reporting IT system downtime and other security incidents to RBI.
Conduct regular mock drills and simulations to test the effectiveness of the incident response plan.
Lessons Learned:
Cyber security is a critical aspect of banking operations. Prompt reporting of incidents is essential for regulatory oversight and for a coordinated response to potential threats.
A proactive approach to IT security and incident management is far more effective than a reactive one.
The Jalgaon District Central Co-operative Bank Ltd.
Key Details:
Penalty Imposed: ₹3.50 lakh (Rupees Three Lakh Fifty Thousand only).
Date of Order: September 15, 2025.
Reason for Penalty: Contravention of Section 20 read with Section 56 of the BR Act and non-compliance with RBI directions on ‘Know Your Customer (KYC)’. The bank was found to have:
Sanctioned director-related loans.
Allotted multiple customer identification codes instead of a Unique Customer Identification Code (UCIC) for each individual customer.
Inspection Conducted by: National Bank for Agriculture and Rural Development (NABARD). Statutory compliance based on their financial position as of March 31, 2024.
Root Cause Analysis (RCA):
The two violations point to a dual failure in compliance: one in governance (lending to directors) and another in operational processes (KYC and UCIC management). The lack of a UCIC system suggests outdated or inefficient data management practices and a failure to implement a core KYC requirement.
Preventive Controls:
Mandate a single, unique customer identification code (UCIC) for all new and existing customers. This requires a system-wide update to the customer information database.
Implement automated checks to prevent the sanctioning of loans to directors.
Conduct regular internal and external audits focused on both lending practices and KYC compliance.
Lessons Learned:
Compliance extends across all facets of a bank’s operations, from high-level lending decisions to granular customer data management.
Adopting and maintaining a single source of truth for customer data (like UCIC) is fundamental for effective compliance and risk management.
Chandrapur District Central Co-operative Bank Ltd.
Key Details:
Penalty Imposed: ₹4.50 lakh (Rupees Four Lakh Fifty Thousand only).
Date of Order: September 15, 2025.
Reason for Penalty: Contravention of Section 26A read with Section 56 of the BR Act and non-compliance with RBI directions on ‘Know Your Customer (KYC)’. The bank was found to have:
Failed to transfer unclaimed amounts to the Depositor Education and Awareness (DEA) Fund within the prescribed time.
Failed to upload KYC records to the Central KYC Records Registry (CKYCR) within the timeline.
Allotted multiple customer identification codes instead of a Unique Customer Identification Code (UCIC).
Inspection Conducted by: National Bank for Agriculture and Rural Development (NABARD). Statutory compliance based on their financial position as of March 31, 2024.
Root Cause Analysis (RCA):
This bank’s violations stem from a combination of operational and statutory non-compliance. The failure to transfer funds to the DEA Fund and upload CKYCR records suggests a lack of automated processes and a potential backlog in compliance tasks. The multiple UCIC issue is a fundamental data management failure.
Preventive Controls:
Establish a scheduled, automated process to identify and transfer unclaimed deposits to the DEA Fund.
Implement a robust system for CKYCR uploads, ensuring that customer KYC records are submitted within the required timeframe.
Migrate to a single UCIC system and conduct a data cleansing exercise to merge duplicate records.
Lessons Learned:
A piecemeal approach to compliance is not sustainable. A comprehensive, integrated system is necessary to handle interconnected regulatory requirements (e.g., KYC, CKYCR, and UCIC).
Proactive data governance and automation are essential to prevent lapses in routine, yet critical, compliance tasks.
