Makarpura Industrial Estate Co-operative Bank Ltd., Vadodara, Gujarat
Key Details
Penalty Imposed: The Reserve Bank of India (RBI) imposed a monetary penalty of ₹2 lakh (Rupees Two Lakh only) on Makarpura Industrial Estate Co-operative Bank Ltd., Vadodara, Gujarat. The order was dated September 22, 2025.
Reason for Penalty: The penalty was for non-compliance with certain directions issued by RBI on ‘Know Your Customer (KYC)’ and ‘Basic Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs)’ read with ‘Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) – A Graded Approach’.
Inspection Period: The non-compliance was identified during a statutory inspection of the bank’s financial position as of March 31, 2024.
Root Cause Analysis (RCA)
Based on the supervisory findings, the root causes for the bank’s non-compliance likely stem from a lack of robust procedural enforcement in two critical areas:
KYC Procedural Lapses: The bank failed to carry out periodic review of risk categorisation of certain accounts, with the mandatory periodicity being at least once in six months. This suggests a manual or deficient system for tracking and updating customer risk profiles, which is a fundamental requirement of KYC norms.
Cyber Security Implementation Failure: The bank failed to implement certain cyber security control measures under the Cyber Security Framework prescribed by RBI. This indicates a gap in IT governance, insufficient resource allocation, or a lack of technical expertise needed to fully deploy the essential controls mandated to protect the bank’s IT environment from cyber threats.
Preventive Controls
To prevent similar non-compliance issues, the bank should implement the following controls:
Automated Risk Categorisation Tracking: Implement an automated system that flags accounts for mandatory risk review on a strict calendar basis, ensuring the review is initiated and completed at least once every six months. This eliminates reliance on manual tracking and reduces human error.
Comprehensive Cyber Security Audit: Conduct an immediate, independent audit of all prescribed cyber security controls to identify and implement the measures that were previously missed. This includes ensuring all mandated hardware, software, and procedural controls are operational and documented.
Integrated Compliance and IT Governance: Establish a formal committee that reviews IT implementation progress against RBI’s Cyber Security Framework directions on a monthly basis, ensuring accountability for system upgrades and control deployment.
Lessons Learned
The penalty highlights the RBI’s stringent enforcement of both customer due diligence and technological resilience. The key takeaways for the bank are:
Dual Focus on Compliance: Banks must recognize that compliance extends equally to customer-facing regulatory aspects (KYC) and internal technological security (Cyber Security). Deficiencies in either area can attract penalties.
Mandatory Periodicity is Strict: Statutory and regulatory requirements with specific periodicities (e.g., six months for risk review) are non-negotiable and must be built into automated compliance systems.
Cyber Security Implementation is Essential: Simply having an IT system is insufficient; the bank must ensure full and continuous implementation of all required cyber security control measures to protect its data and operations.
RBI Press Release
The Tamil Nadu Circle Postal Co-operative Bank Ltd., Tamil Nadu
Key Details
Penalty Imposed: The Reserve Bank of India (RBI) imposed a monetary penalty of ₹50,000/- (Rupees Fifty Thousand only) on The Tamil Nadu Circle Postal Co-operative Bank Ltd., Tamil Nadu. The order was dated September 23, 2025.
Reason for Penalty: The penalty was for non-compliance with specific directions issued by RBI under ‘Supervisory Action Framework (SAF)’.
Inspection Period: The non-compliance was identified during a statutory inspection of the bank’s financial position as of March 31, 2024.
Root Cause Analysis (RCA)
The core root cause for the penalty is the bank’s failure to adhere to specific operational restrictions imposed by the RBI under the Supervisory Action Framework (SAF).
Non-Adherence to SAF Restrictions: The bank was found to have offered interest rates on deposits higher than those offered by State Bank of India (SBI). This is a clear breach of one of the core directions often imposed under the SAF to prevent a weak bank from engaging in risky deposit solicitation practices. This suggests a failure of internal communication or compliance monitoring to effectively translate and enforce the SAF-imposed restrictions on the ground.
Preventive Controls
To prevent similar non-compliance issues, the bank should implement the following controls:
Real-Time Rate Monitoring: Establish a mandatory and daily internal check to compare the bank’s current deposit interest rates against the corresponding rates offered by the State Bank of India.
Strict Rate Change Approval: Implement a four-eyes approval policy for any change in deposit interest rates, where the compliance officer must specifically verify adherence to all SAF directions, including the rate ceiling, before implementation.
Mandatory Staff Training: Conduct immediate and recurrent training for all treasury, branch, and marketing staff on the specific restrictions imposed by the SAF and the serious implications of non-adherence.
Lessons Learned
The penalty underscores the critical importance of absolute and literal compliance with conditions imposed under the SAF. The key takeaway for the bank is:
SAF Compliance is Paramount: Any bank under the Supervisory Action Framework must treat the imposed directions as non-negotiable. Even seemingly small deviations, such as exceeding a prescribed deposit rate ceiling, are considered significant regulatory failures.
RBI Press Release
The Guntur District Co-operative Central Bank Limited, Andhra Pradesh
Key Details
Penalty Imposed: The Reserve Bank of India (RBI) imposed a monetary penalty of ₹50,000/- (Rupees Fifty Thousand only) on The Guntur District Co-operative Central Bank Limited, Andhra Pradesh. The order was dated September 23, 2025.
Reason for Penalty: The penalty was for non-compliance with certain directions issued by RBI on ‘Know Your Customer (KYC)’.
Inspection Period: The non-compliance was identified during a statutory inspection conducted by NABARD of the bank’s financial position as of March 31, 2024.
Root Cause Analysis (RCA)
The root cause for the penalty is a systemic failure in the bank’s information submission process, which is a key component of the national KYC infrastructure.
Failure in CKYCR Upload Timeline: The bank failed to upload the KYC records of customers onto Central KYC Records Registry (CKYCR) within the prescribed timeline. This indicates either an inefficient manual process, a lack of integration between the bank’s core banking system and the CKYCR portal, or a failure to dedicate sufficient resources to meet the mandatory regulatory timelines for data submission.
Preventive Controls
To prevent similar non-compliance issues, the bank should implement the following controls:
Automate CKYCR Submission: Integrate the Core Banking System (CBS) with the CKYCR mechanism to allow for automated and timely submission of KYC records immediately after account opening or KYC update.
Real-Time Monitoring Dashboard: Develop a dashboard that tracks all new accounts and KYC updates, showing the remaining time until the regulatory CKYCR submission deadline. This ensures the compliance team has visibility and control over the upload process.
Compliance Checklist for New Accounts: Implement a mandatory compliance checklist for new account opening, where the CKYCR upload completion must be verified before the account is fully activated in the bank’s systems.
Lessons Learned
The penalty emphasizes the importance of digital compliance and adherence to national financial infrastructure requirements. The key takeaway for the bank is:
Timeliness in Digital KYC is Crucial: Meeting the prescribed timelines for uploading customer KYC records to CKYCR is a mandatory element of the KYC framework. Banks must prioritize systemic efficiency to ensure records are uploaded promptly to facilitate financial stability and check money laundering.
RBI Press Release
The South Canara District Central Co-operative Bank Ltd, Karnataka
Key Details
Penalty Imposed: The Reserve Bank of India (RBI) imposed a monetary penalty of ₹1.50 lakh (Rupees One Lakh Fifty Thousand only) on The South Canara District Central Co-operative Bank Ltd, Karnataka. The order was dated September 23, 2025.
Reason for Penalty: Non-compliance with directions on ‘Housing finance’ read with ‘Enhancement in Individual housing loan limits and credit to Commercial Real Estate – Residential Housing (CRE-RH)’ and contravention of provisions of Section 19 read with Section 56 of the Banking Regulation Act, 1949 (BR Act).
Inspection Period: The non-compliance was identified during a statutory inspection conducted by NABARD of the bank’s financial position as of March 31, 2024.
Root Cause Analysis (RCA)
The root causes are two-fold, covering both regulatory lending limits and statutory restrictions on shareholding.
Credit Exposure Management Failure: The bank breached the prudential exposure limits on housing finance. This indicates poor internal control over lending growth, a lack of an automated system to track aggregate sectoral exposure, or failure to recalculate and adhere to the updated regulatory limits.
Statutory Investment Violation: The bank held shares in other co-operative society in contravention of the B R Act. This is a statutory violation, suggesting a lack of legal scrutiny over the investment portfolio or ignorance of Section 19 of the BR Act, which governs shareholding restrictions.
Preventive Controls
To prevent similar non-compliance issues, the bank should implement the following controls:
Automated Exposure Limit Monitoring: Implement a real-time system that aggregates all housing finance exposure and automatically halts new loan disbursals when the prudential regulatory limit is reached or approaches a pre-defined threshold (e.g., 95% of the limit).
Legal Compliance Vetting for Investments: Subject all existing and new investments, particularly shareholdings in other co-operative societies, to a mandatory legal vetting process to ensure strict adherence to Section 19 read with Section 56 of the BR Act.
Policy Review and Training: Conduct an immediate review of the bank’s loan policy and investment policy, followed by intensive training for credit and treasury staff on the importance of adhering to prudential exposure norms and statutory investment restrictions.
Lessons Learned
The penalty serves as a reminder that both prudential lending norms and statutory investment laws are strictly enforced. The key takeaways for the bank are:
Credit and Investment Discipline: Banks must maintain strict credit discipline by staying within prescribed sectoral exposure limits to manage risk.
Non-Negotiable Statutory Compliance: Violating core sections of the Banking Regulation Act, 1949, such as those related to permissible investments, is a serious matter leading to penal action.
RBI Press Release
Gayatri Co-operative Urban Bank Ltd., Jagtial, Telangana
Key Details
Penalty Imposed: The Reserve Bank of India (RBI) imposed a monetary penalty of ₹10 lakh (Rupees Ten Lakh only) on Gayatri Co-operative Urban Bank Ltd., Jagtial, Telangana. The order was dated September 23, 2025.
Reason for Penalty: The penalty was for non-compliance with certain directions issued by RBI on ‘Marketing / Distribution of Mutual Fund / Insurance Products by Urban Cooperative Banks’.
Inspection Period: The non-compliance was identified during a statutory inspection of the bank’s financial position as of March 31, 2024.
Root Cause Analysis (RCA)
The substantial penalty amount suggests a significant failure in the bank’s sales practices and customer protection framework.
Failure of Disclosure and Transparency: The bank sold insurance products to its customers without adequate disclosure and transparency. This indicates a serious lapse in sales conduct, likely involving mis-selling or incomplete explanation of product risks, features, and fees. This violates the core principle of customer protection in the distribution of third-party products.
Preventive Controls
To prevent similar non-compliance issues, the bank should implement the following controls:
Mandatory Sales Disclosure Checklist: Implement a mandatory, documented checklist for every insurance sale, requiring the sales representative and the customer to initial key disclosures (e.g., product is not a bank deposit, risk factors, lock-in period).
Post-Sale Verification: Institute a mandatory ‘call-back’ verification process by a dedicated compliance team within 7 days of the sale to confirm that the customer received and understood all disclosures, and was not subjected to undue pressure.
Sales Force Training and Incentivization: Realign sales incentives to prioritize quality of disclosure and customer retention over sheer volume, and conduct rigorous training focused on ethical sales practices and transparency requirements.
Lessons Learned
The penalty reinforces the RBI’s focus on consumer protection in the financial services sector. The key takeaways for the bank are:
Transparency is Non-Negotiable: When distributing third-party products like insurance, full disclosure and transparency are paramount. Banks must protect their customers and cannot use the bank-customer relationship to push sales without clear and complete information.
Sales Practices are under Regulatory Scrutiny: Regulatory compliance extends beyond balance sheet management to cover fair and ethical sales conduct. Failure in this area can result in severe penalties.