RBI Penalty Report – 20th November 2025

Root Cause Analysis (RCA)

• System Deficiencies: The Core Banking Solution (CBS) likely lacked automated NPA identification logic, relying on manual classification which is prone to error.
• Operational Gaps: Front-desk staff lacked training or updated checklists regarding “eligible entities” for Savings Accounts (e.g., opening SB accounts for commercial entities instead of Current Accounts).

Preventive Controls

• System Hardening: Configure CBS to auto-mark accounts as NPA immediately upon 90-day overdue status without manual intervention.
• Account Opening Filters: Implement system restrictions that prevent selecting “Savings Product” codes for non-individual/commercial PAN cards.

Lesson Learnt: Asset quality transparency is non-negotiable. Manual overrides on asset classification must be eliminated, and KYC norms for account types must be strictly enforced at the onboarding stage.

Root Cause Analysis (RCA)

• Process Latency: Absence of a monthly automated script to identify accounts dormant for 10+ years, leading to manual tracking and delays.
• Technical Integration Issues: The bank likely integrated with only one CIC (e.g., CIBIL) while neglecting the regulatory requirement to report to all four (Equifax, Experian, CRIF High Mark).

Preventive Controls

• Automated Sweeps: Implement a “DEAF Sweep” scheduler in the banking software that generates a transfer list automatically every month.
• CIC Upload Checklist: Create a “Maker-Checker” process where the IT department must produce acknowledgement receipts from all 4 CICs before closing the monthly compliance cycle.

Lesson Learnt: Statutory transfers (DEAF) are time-bound legal obligations, not operational choices. Credit reporting must be comprehensive to ensure the integrity of the national credit ecosystem.

Root Cause Analysis (RCA)

• Governance Oversight: The Board/Secretarial team treated director appointments as a standard internal corporate matter, overlooking the specific regulatory clause (Scale Based Regulation) that triggers external approval thresholds.
• Interpretation Error: Failure to calculate the “30% threshold” cumulatively or accurately excluding independent directors during board reshuffles.

Preventive Controls

• Secretarial Audit: Mandatory legal review by an external firm before any Board agenda item regarding “Appointment/Resignation of Directors” is finalized.
• Board Charter Amendment: Insert a permanent clause in the Articles of Association stating that any management change >30% is “Conditional upon Regulatory Approval.”

Lesson Learnt: For Regulated Entities (REs), Board composition is a regulatory concern, not just a shareholder right. “Prior approval” means no action can be taken until the regulator consents.

Root Cause Analysis (RCA)

• Technical Workflow Break: The process of digitizing physical KYC forms and converting them to the CKYC template was likely manual and batched, causing delays beyond the T+1 or prescribed cycle.
• Legacy Data Issues: Potential difficulty in extracting clean data from legacy systems to meet CERSAI’s strict validation formats.

Preventive Controls

• Daily Upload Protocol: Implement a “End of Day” process where all accounts opened that day are batched and uploaded to CKYCR immediately.
• Validation Tool: Use a pre-upload validation utility to check KYC data quality before attempting submission to CKYCR to reduce rejection rates.

Lesson Learnt: KYC compliance is not complete until the data is successfully lodged with the central registry. A backlog in CKYC uploads is a high-risk indicator for regulators.