American Express Banking Corp.
- Penalty Amount: ₹31.80 Lakh (Rupees Thirty One Lakh Eighty Thousand only)
- Order Date: October 01, 2025
- Inspection Ref: Supervisory Evaluation (ISE 2024) as on March 31, 2024
- Non-Compliance: Non-compliance with the Reserve Bank of India (Credit Card and Debit Card Issuance and Conduct) Directions, 2022.
- Specific Violation: Failure to make efforts to reverse credit balances of certain credit cardholders, arising out of refund / failed / reversed transactions, to their bank accounts.
The primary root cause is likely a deficiency in the automated reconciliation and settlement system governing credit card accounts. While refunds were processed, the subsequent automated process for identifying and pushing the resulting net credit balances back to the customer’s linked bank account (as mandated by the directions) was either missing, manually triggered, or prone to failure/omission for specific transaction types or accounts.
- System Automation: Implement a robust, scheduled, automated process to identify all credit card accounts holding a positive balance beyond a defined period (e.g., T+5 working days post-credit posting).
- Mandatory Reversal: Hard-code the system to automatically initiate an electronic funds transfer (EFT/NEFT) to the cardholder’s linked bank account for any such positive balance, adhering strictly to the RBI-prescribed timeline.
- Audit Trail: Maintain a comprehensive audit trail detailing the date of refund, the date of automatic reversal initiation, and the status of the final credit to the customer’s bank account.
Regulatory compliance requires end-to-end automation, particularly in consumer protection mandates like timely refunds. Relying on manual intervention or incomplete system logic for critical reconciliation processes exposes the bank to significant regulatory and reputational risk.
HDB Financial Services Ltd.
- Penalty Amount: ₹4.20 Lakh (Rupees Four Lakh Twenty Thousand only)
- Order Date: October 01, 2025
- Inspection Ref: Statutory Inspection as on March 31, 2024
- Non-Compliance: Non-compliance with ‘Reserve Bank of India (Know Your Customer (KYC)) Directions, 2016’.
- Specific Violation: Failure to obtain Permanent Account Number (PAN) or equivalent e-document thereof or Form No. 60 in certain loan accounts disbursed during FY 2023-24.
The core issue is a weakness in the Loan Origination System (LOS) or KYC ingestion process. The system likely permitted the completion of the loan disbursement workflow without the mandatory hard validation for PAN/Form 60, treating it as a non-critical or optional field, thereby allowing operational staff to bypass a fundamental KYC requirement.
- Hard System Stop: Introduce a mandatory, non-bypassable system validation (a “hard stop”) in the LOS to prevent loan application approval or disbursement if the PAN, equivalent e-document, or valid Form 60 is missing.
- Real-Time Validation: Integrate the LOS with systems capable of real-time PAN validation (if permissible) to ensure data accuracy at the time of collection.
- Pre-Audit Review: Implement a pre-disbursement compliance check where a designated unit reviews a sample of accounts for all mandatory KYC documents, focusing specifically on PAN/Form 60 completion.
KYC compliance must be enforced by robust, non-negotiable system controls. Operational convenience should never override mandatory regulatory requirements, especially those relating to financial transparency (PAN/Form 60).
The Bagalkot District Central Co-operative Bank Limited
- Penalty Amount: ₹5.50 Lakh (Rupees Five Lakh Fifty Thousand only)
- Order Date: September 29, 2025
- Inspection Ref: Statutory Inspection by NABARD as on March 31, 2024
- Non-Compliance: Contravention of Sections 20 read with Section 56 of the Banking Regulation Act, 1949 (BR Act) and non-compliance with NABARD directions.
- Specific Violations:
- Sanctioned director related loan.
- Failed to submit certain statutory returns to NABARD within the prescribed timeline (‘Offsite Surveillance System Revision of Due dates for submission of OSS/FMS Returns’).
Violation 1 (Director Loans) points to a severe failure of corporate governance and internal controls where the Board/Management disregarded statutory prohibitions on granting loans to directors or their related entities. Violation 2 (Late Returns) indicates reliance on manual, non-automated regulatory reporting processes and poor internal deadline management.
- Governance: Conduct mandatory, recurring training for the Board and Senior Management on BR Act Section 20 prohibitions; implement a conflict of interest declaration and a system-level block for accounts linked to directors.
- Regulatory Reporting: Implement a dedicated regulatory reporting system with automated data feeds, calculation engines, and staggered internal deadlines (earlier than the NABARD due date) for review and sign-off.
- Compliance Monitoring: The Internal Audit/Compliance function must periodically review loan records specifically for insider lending and report any breaches directly to the Audit Committee.
Compliance begins at the top. Strict adherence to core statutory provisions, especially those concerning insider transactions, is non-negotiable. Timely regulatory reporting must be treated as a priority, leveraging automation to mitigate operational risk.
The Vaniyambadi Town Co-operative Bank Limited
- Penalty Amount: ₹1 Lakh (Rupees One Lakh only)
- Order Date: September 29, 2025
- Inspection Ref: Statutory Inspection as on March 31, 2024
- Non-Compliance: Non-compliance with specific directions issued under ‘Supervisory Action Framework (SAF)’ and ‘Know Your Customer (KYC)’ directions.
- Specific Violations:
- Sanctioned fresh loans beyond the applicable single borrower exposure limits AND fresh loans carrying risk weights more than 100% (non-adherence to SAF).
- Failed to upload the KYC records of customers onto Central KYC Records Registry (CKYCR) within the prescribed timeline.
SAF Violation is due to a critical failure in credit risk management and policy enforcement (lack of system controls to prevent exposure limit breaches). CKYCR Violation is generally due to poor technical preparedness, prioritizing existing systems over new regulatory infrastructure, or a lack of dedicated resources for the CKYCR upload process.
- SAF Hard Controls: Implement mandatory, automated system checks within the Core Banking System (CBS) to reject loan applications that violate single borrower exposure limits or risk weight restrictions as specified under SAF.
- CKYCR Automation: Establish a dedicated CKYCR cell or team; ensure robust API integration with the CBS for daily, near-real-time upload of all new customer KYC records, and a rigorous monitoring dashboard for failed uploads.
- Risk Culture: Mandatory sign-off by a dedicated Compliance Officer for all credit proposals while the bank remains under SAF to ensure zero tolerance for policy deviations.
Adherence to the Supervisory Action Framework (SAF) is paramount for the bank’s stability and survival; compliance with its lending restrictions must be absolute and enforced by system-level barriers. Timely adoption of centralized national infrastructure (CKYCR) is a fundamental Anti-Money Laundering requirement.
The Hassan District Co-operative Central Bank Ltd
- Penalty Amount: ₹1 Lakh (Rupees One Lakh only)
- Order Date: September 29, 2025
- Inspection Ref: Statutory Inspection by NABARD as on March 31, 2024
- Non-Compliance: Contravention of Section 19 read with Section 56 of the BR Act and non-compliance with ‘Know Your Customer (KYC)’ directions.
- Specific Violations:
- Held shares in other co-operative society (contravention of BR Act).
- Failed to upload the KYC records of customers onto Central KYC Records Registry (CKYCR) within the prescribed timeline.
Violation 1 (Holding Shares) stems from a misinterpretation or disregard of statutory investment prohibitions (Section 19 of BR Act). The bank lacked a final compliance check before making investments. Violation 2 (CKYCR) is a recurring issue, indicating insufficient allocation of resources or a failure to resolve technical integration challenges with the CKYCR API.
- Investment Policy Compliance: Mandate a pre-investment legal and compliance vetting process for every investment, specifically certifying adherence to Section 19 of the BR Act.
- Divestment Plan: Create a time-bound plan to divest existing prohibited shareholdings and implement strict monitoring to prevent future breaches.
- CKYCR Process Refinement: Implement batch processing for backlog data and integrate a real-time tracking system to monitor successful CKYCR upload rates, with automatic escalation for delayed or failed uploads.
Statutory restrictions on investments are absolute and designed to protect depositor funds; all investment decisions must pass a strict legal compliance review. Furthermore, CKYCR compliance must be treated as a continuous operational requirement, not a periodic task.
The Ranuj Nagrik Sahakari Bank Limited
- Penalty Amount: ₹3 Lakh (Rupees Three Lakh only)
- Order Date: September 30, 2025
- Inspection Ref: Statutory Inspection as on March 31, 2024
- Non-Compliance: Non-compliance with directions on ‘Management of Advances – UCBs’ and ‘Customer Protection – Limiting Liability of Customers of Co-operative Banks in Unauthorized Electronic Banking Transactions’.
- Specific Violations:
- Failed to ensure end-use of funds with respect to certain loans.
- Failed to enable customers to instantly respond by “Reply” to SMS alerts to notify the objection towards unauthorised electronic banking transactions.
Violation 1 (End-use of Funds) is due to weak post-disbursement monitoring and documentation. The bank likely relied only on borrower statements without mandatory site visits or verification of purchase/expense receipts. Violation 2 (SMS Reply) indicates a failure to implement the required two-way communication technology, relying on a basic, one-way SMS service that does not meet the customer protection mandate.
- End-Use Verification: Mandate and document physical verification/site visits for a defined percentage of loan accounts post-disbursement, focusing on large loans. Require authenticated documents (invoices, receipts) matching the loan’s stated purpose.
- SMS System Upgrade: Immediately upgrade the SMS alert system to a two-way communication service. Configure the system to automatically flag an unauthorized transaction objection upon receiving a reply-based trigger word (e.g., “STOP,” “FRAUD,” or “REPLY”).
- Liability Protocol: Integrate the SMS objection trigger with the fraud monitoring system to instantly block the card/channel upon receiving a reply objection, thereby limiting customer liability.
Effective credit risk management requires active post-lending vigilance to ensure the capital serves its intended purpose. Furthermore, customer protection mandates, especially related to unauthorized electronic transactions, demand modern, instant response mechanisms that must be integrated into the bank’s core IT infrastructure.