1. Key Details of the Contravention
This section summarizes the regulatory action taken by the Reserve Bank of India (RBI) against the bank, based on the findings from the Statutory Inspection for Supervisory Evaluation (ISE 2024).
- Penalized Entity: Tamilnad Mercantile Bank Limited
- Penalty Imposed: Rs. 39.60 Lakh
- Order Date: November 13, 2025
- Statutory Violations: Section 10A of the Payment and Settlement Systems (PSS) Act, 2007, and Section 26A of the Banking Regulation (BR) Act, 1949.
- Specific Charges:
- Indirectly imposing charges on Basic Savings Bank Deposit (BSBD) account holders for Unified Payments Interface (UPI) transactions.
- Failure to transfer eligible unclaimed amounts to the Depositor Education and Awareness (DEA) Fund within the prescribed regulatory period.
2. Root Cause Analysis (RCA)
The root cause for these systemic failures stems from deficiencies in system parameterization and operational governance.
A. BSBD Account Charging Failure:
- System Override Failure: The Core Banking System (CBS) or the payment gateway/switch processing logic failed to correctly identify and apply the mandatory fee-bypass parameter for BSBD accounts during UPI transactions.
- Inadequate UAT: During the integration or update of the UPI system, the User Acceptance Testing (UAT) phase lacked specific, rigorous test cases to verify the zero-charge mandate for BSBD accounts.
- Monitoring Gap: Absence of a dedicated, daily reconciliation report to track and alert Compliance or Operations regarding any charges debited from BSBD accounts.
B. DEA Fund Transfer Delay:
- Process Manualisation: Over-reliance on manual identification, extraction, and reconciliation of accounts/funds eligible for transfer (i.e., inactive for 10 years or more).
- Regulatory Misinterpretation: Lack of clarity or misapplication of the precise periodicity and deadline specified by the RBI for the timely transfer of unclaimed amounts.
- Governance Lapse: Absence of a mandatory, auto-scheduled system sweep or a clear, documented sign-off procedure involving multiple control teams (Operations, Finance, Compliance) to ensure timely submission.
3. Preventive Controls & Corrective Actions
A. Immediate Corrective Actions:
- System Fix and Re-verification: Immediately isolate and fix the CBS/UPI logic to ensure BSBD accounts are unconditionally exempt from all fees on mandated free services. Conduct mandatory re-testing by an independent internal audit team.
- Customer Redressal: Initiate a comprehensive lookback (e.g., three years) to identify all wrongfully charged BSBD customers and ensure full, immediate refund of all debited amounts, along with appropriate compensatory interest.
- DEA Fund Reconciliation: Complete the transfer of all currently eligible unclaimed funds to the DEA Fund without further delay and document the execution for the RBI.
B. Long-Term Preventive Controls:
- Automated Compliance Guardrail: Implement a “Hard Stop” in the CBS that prevents any debit or fee posting from a product type designated for regulatory exemption (e.g., BSBD) for specific services.
- DEA Automation & Dual-Control: Introduce a fully automated, system-driven DEA sweep module that runs monthly, not just at the regulatory deadline. Implement a mandatory, multi-level digital approval workflow for the transfer file.
- Enhanced Compliance Testing: Embed compliance scenarios (e.g., BSBD rules, KYC limits, DEA timelines) into the standard project management lifecycle for ‘all’ technology changes and product rollouts (Shift-Left Compliance).
4. Lessons Learnt for the Bank
This penalty underscores three crucial, non-negotiable principles for all banking operations:
- Vigilance on Basic Services: Non-compliance related to BSBD accounts is a severe oversight, as these services are designed for financial inclusion. Meticulous adherence to ‘zero-fee’ mandates for these accounts must be a top priority.
- Governance of Unclaimed Assets: The management of dormant accounts and the timely transfer to the DEA Fund is a critical fiduciary duty. It requires a robust, automated, and strictly scheduled governance process, removing all scope for manual error or delay.
- Proactive Compliance Integration: Compliance must be integrated as a hard-coded check within IT architecture, rather than an external, post-facto audit function. Every new product or channel (like UPI) must be built with regulatory requirements as mandatory foundational features.