Surat People’s Co-operative Bank Ltd., Surat
Key Details
- Penalty Amount: ₹13.30 Lakh
- Date of Order: July 10, 2026
- Violation: Non-compliance with directions on ‘Board of Directors UCBs’. Directors participated in and approved proposals in which they were directly or indirectly interested.
- Statutory Basis: Section 47A(1)(c) read with Sections 46(4)(i) and 56 of the Banking Regulation Act, 1949. Based on financial position as on March 31, 2025.
Root Cause Analysis (RCA)
A failure in corporate governance and conflict of interest management at the Board level. The absence of robust procedures to identify, declare, and recuse conflicted directors from decision-making processes led to this violation.
Preventive Controls
- Implement strict conflict of interest policies requiring mandatory, documented declarations from all directors before every Board meeting.
- Establish an independent compliance officer or committee to review agenda items against known director interests prior to meetings.
- Enforce mandatory recusal protocols, ensuring conflicted directors physically leave the room and their absence is recorded in the minutes during specific discussions.
Lessons Learnt
Transparency and ethical conduct at the highest level of governance are non-negotiable. Banks must move beyond policy formulation to rigorous implementation of conflict of interest management to ensure impartial decision-making and regulatory adherence.
RBI Press Release
The Chikhli Urban Co-operative Bank Limited, Maharashtra
Key Details
- Penalty Amount: ₹13 Lakh
- Date of Order: July 8, 2026
- Violations:
- Failed to transfer unclaimed amounts to the Depositor Education and Awareness (DEA) Fund.
- Sanctioned loans to builders/contractors for land acquisition.
- Lacked robust software for identifying/reporting suspicious transactions (KYC non-compliance).
- Statutory Basis: Section 26A read with Section 56 of the BR Act, and non-compliance with ‘Finance for Housing Schemes UCBs’ and KYC directions.
Root Cause Analysis (RCA)
Systemic failures across multiple operational areas. Lack of automated alerts for DEA fund transfers, inadequate credit appraisal mechanisms failing to restrict prohibited loan types, and insufficient IT infrastructure for Anti-Money Laundering (AML) monitoring.
Preventive Controls
- Automate the identification and transfer process for the DEA Fund within the Core Banking System (CBS).
- Strengthen loan origination systems with hard stops for prohibited end-uses (e.g., land acquisition by builders) and enhance credit audit processes.
- Procure and integrate advanced, RBI-compliant AML/KYC software to automate transaction monitoring and Suspicious Transaction Report (STR) generation.
Lessons Learnt
Comprehensive compliance requires a holistic approach, integrating regulatory guidelines directly into business operations and IT systems. Manual oversight is insufficient for complex regulatory requirements like AML monitoring and specific loan restrictions.
RBI Press Release
Ashok Sahakari Bank Ltd., Ahmednagar, Maharashtra
Key Details
- Penalty Amount: ₹10 Lakh
- Date of Order: June 29, 2026
- Violation: Sanctioned a loan to one of its own directors.
- Statutory Basis: Non-compliance with Section 20(1) of the Banking Regulation Act, 1949.
Root Cause Analysis (RCA)
A direct circumvention or lack of awareness of explicit statutory prohibitions regarding insider lending. The credit approval process failed to cross-reference loan applicants against the list of current directors.
Preventive Controls
- Implement a definitive system block within the loan processing software that prevents the sanctioning of any credit facility to individuals listed as directors or their specified relatives.
- Conduct regular training for credit officers and management on statutory restrictions under the BR Act.
- Require a specific sign-off from the legal/compliance department for any loan above a certain threshold confirming the borrower is not a restricted party.
Lessons Learnt
Statutory prohibitions must be hard-coded into operational systems. Trust in management must be supplemented with verifiable, automated controls to prevent prohibited transactions from being executed.
RBI Press Release
The Sambalpur District Co-operative Central Bank Limited, Odisha
Key Details
- Penalty Amount: ₹8 Lakh
- Date of Order: July 02, 2026
- Violations:
- Failed to transfer eligible unclaimed amounts to the DEA Fund.
- Failed to implement periodic review of risk categorization of customers.
- Statutory Basis: Section 26A read with Section 56 of the BR Act and non-compliance with KYC directions. Inspection by NABARD.
Root Cause Analysis (RCA)
Inadequate tracking mechanisms for long-term dormant accounts and a lack of procedural discipline regarding ongoing KYC maintenance. The bank likely relied on static, initial risk assessments rather than dynamic, ongoing monitoring.
Preventive Controls
- Deploy automated scripts to flag accounts nearing the DEA fund transfer threshold and initiate the transfer process seamlessly.
- Implement an automated KYC calendar system that alerts branch managers and compliance teams when customer risk profiles are due for review based on their assigned risk category (High, Medium, Low).
Lessons Learnt
Compliance is an ongoing lifecycle, not a one-time event. Continuous monitoring and periodic reassessment of customer risk profiles are crucial for maintaining a robust AML/KYC framework and avoiding regulatory penalties.
RBI Press Release
Avail Financial Services Limited
Key Details
- Penalty Amount: ₹6.20 Lakh
- Date of Order: July 10, 2026
- Violations:
- Managing Director held directorship in two other Middle Layer NBFCs.
- Breached regulatory single party exposure limits.
- Statutory Basis: Section 58G(1)(b) read with section 58B(5)(aa) of the RBI Act, 1934. Non-compliance with ‘Governance’ and ‘Credit/Investment Concentration Norms’.
Root Cause Analysis (RCA)
Failures in both corporate governance oversight regarding executive appointments and in risk management regarding credit concentration. Lack of pre-appointment vetting for the MD and insufficient system controls to monitor aggregate exposure to single entities.
Preventive Controls
- Establish a rigorous vetting process by the Nomination and Remuneration Committee to verify compliance with directorship limits before executive appointments.
- Implement real-time exposure tracking in the credit management system to block sanctions that would breach single or group exposure limits.
Lessons Learnt
Stringent adherence to governance norms and concentration limits is critical for NBFC stability. Diversification of risk and focused leadership are key regulatory expectations that must be strictly monitored.
RBI Press Release
Muthoot Finance Limited
Key Details
- Penalty Amount: ₹5.80 Lakh
- Date of Order: July 10, 2026
- Violations:
- Failed to implement periodic review of risk categorisation of accounts.
- Lacked robust software for identifying and reporting suspicious transactions.
- Statutory Basis: Section 58G(1)(b) read with section 58B(5)(aa) of the RBI Act, 1934. Non-compliance with KYC Directions.
Root Cause Analysis (RCA)
Significant gaps in the Anti-Money Laundering (AML) framework. The reliance on manual processes or inadequate legacy systems prevented the dynamic reassessment of customer risk and hindered the effective monitoring of complex transaction patterns.
Preventive Controls
- Invest in and deploy comprehensive, enterprise-wide AML software capable of automated transaction monitoring, anomaly detection, and STR generation.
- Institute an automated schedule within the new system to enforce the periodic review of KYC documents based on risk profiles.
Lessons Learnt
For large financial institutions, manual compliance processes are inadequate. Robust, automated IT infrastructure is a mandatory prerequisite for effective KYC/AML compliance and risk mitigation.
RBI Press Release
PAN Emami Cosmed Limited
Key Details
- Penalty Amount: ₹3.10 Lakh
- Date of Order: July 13, 2026
- Violation: Breached regulatory limits for credit exposure to a single group of parties.
- Statutory Basis: Section 58G(1)(b) read with Section 58B(5)(aa) of the RBI Act, 1934. Non-compliance with ‘Credit / investment concentration Norms’.
Root Cause Analysis (RCA)
Inadequate monitoring of group exposures. The system or process failed to correctly aggregate exposures across related entities within a single group, leading to sanctions that exceeded permissible limits.
Preventive Controls
- Enhance the credit appraisal software to accurately map and aggregate all exposures to related parties and interconnected groups.
- Implement strict hard limits within the system that require top-tier management override (only if legally permissible) before sanctioning beyond specified thresholds.
Lessons Learnt
Accurate identification and mapping of borrower relationships are essential for managing concentration risk. Systems must be capable of aggregating complex group exposures to ensure regulatory compliance.
RBI Press Release
Satya MicroCapital Limited
Key Details
- Penalty Amount: ₹3.10 Lakh
- Date of Order: July 13, 2026
- Violation: Failed to classify certain accounts as ‘non-performing assets’ (NPAs) upon restructuring.
- Statutory Basis: Section 58G(1)(b) read with Section 58B(5)(aa) of the RBI Act, 1934. Non-compliance with ‘Asset Classification’ directions.
Root Cause Analysis (RCA)
Misinterpretation or misapplication of Income Recognition and Asset Classification (IRAC) norms specifically related to restructured advances. The system likely failed to automatically downgrade accounts upon the application of restructuring terms.
Preventive Controls
- Update the Core Banking System/Loan Management System to automatically reclassify any standard account as NPA immediately upon execution of a restructuring agreement, in line with current RBI guidelines.
- Conduct specialized training for credit and operations staff on IRAC norms pertaining to restructuring and stress resolution.
Lessons Learnt
Asset classification must be objective and system-driven. Restructuring does not mask underlying stress, and regulatory classification norms regarding such accounts must be strictly adhered to.
RBI Press Release
Muthoot Vehicle and Asset Finance Limited
Key Details
- Penalty Amount: ₹2.70 Lakh
- Date of Order: July 13, 2026
- Violation: Failed to implement a system for periodic review of risk categorisation of accounts (at least once in six months).
- Statutory Basis: Section 58G(1)(b) read with section 58B(5)(aa) of the RBI Act, 1934. Non-compliance with KYC Directions.
Root Cause Analysis (RCA)
A process failure in maintaining the dynamic nature of KYC. The company lacked a triggered mechanism to ensure risk profiles were reassessed at the mandated six-month intervals, likely treating risk categorization as a one-time onboarding activity.
Preventive Controls
- Implement an automated scheduling system linked to the core database that mandates risk review workflows for every account at strict six-month intervals.
- Ensure account operability is conditionally linked to the successful completion of these periodic risk reviews.
Lessons Learnt
Regulatory timelines for KYC updates are strict. Proactive, system-driven scheduling is necessary to ensure adherence to periodicity mandates for risk assessment.
RBI Press Release
Dhani Loans and Services Limited
Key Details
- Penalty Amount: ₹2.70 Lakh
- Date of Order: July 15, 2026
- Violation: Failed to classify certain loan accounts as Non-Performing Assets (NPAs).
- Statutory Basis: Section 58G(1)(b) read with section 58B(5)(aa) of the RBI Act, 1934. Non-compliance with ‘Asset Classification’ directions.
Root Cause Analysis (RCA)
Systematic failure in the NPA identification process. This could stem from incorrect parameterization of IRAC norms within the loan management system, or improper manual overrides preventing accounts from slipping into NPA status based on objective criteria.
Preventive Controls
- Conduct a comprehensive independent audit of the NPA identification logic within the Loan Management System to ensure it aligns perfectly with current RBI guidelines (e.g., day-end processes, exact days past due calculation).
- Strictly prohibit manual interventions or ‘evergreening’ practices that prevent the automated classification of accounts as NPA.
Lessons Learnt
Accurate asset quality reporting is foundational to financial stability. Systems must accurately and objectively reflect the true state of the loan portfolio without manual interference.
RBI Press Release
The Nawada Central Co-operative Bank Limited, Bihar
Key Details
- Penalty Amount: ₹50,000
- Date of Order: July 02, 2026
- Violation: Failed to upload the KYC records of customers onto the Central KYC Records Registry (CKYCR) within the prescribed timeline.
- Statutory Basis: Section 47A(1)(c) read with Sections 46(4)(i) and 56 of the Banking Regulation Act, 1949. Non-compliance with ‘Know Your Customer (KYC)’ directions. Inspection by NABARD.
Root Cause Analysis (RCA)
The failure to upload KYC records to CKYCR within prescribed timelines usually indicates a lack of API integration between the bank’s Core Banking System (CBS) or onboarding portal and the CKYCR portal. It points to a reliance on manual batch uploads that are not strictly monitored for turnaround times, or inadequate staff training regarding CKYCR operational guidelines and strict timeline adherence.
Preventive Controls
- System Integration: Automate the CKYCR upload process by establishing direct API integration between the bank’s onboarding system and the CKYCR registry to ensure real-time or automated daily batch uploads without manual intervention.
- Automated Alerts: Set up an internal dashboard with automated alerts for the operations team when newly opened accounts’ KYC records cross a defined age (e.g., 2 days) without a successful CKYCR upload confirmation status.
- Rejection Management: Implement a strict maker-checker workflow to track CKYCR rejection reports (e.g., due to data format mismatch) and resolve them within a strict 24-hour SLA.
Lessons Learnt
Digital compliance infrastructure is as important as basic record-keeping. The regulatory expectation has shifted from simply collecting physical KYC documents to ensuring their timely digitization and centralization. Manual workarounds for high-volume, time-sensitive compliance tasks are highly prone to failure and regulatory scrutiny.