1. Dr. Babasaheb Ambedkar Nagari Sahakari Bank Ltd., Aurangabad
Key Details
- Penalty Imposed: ₹80,000
- Order Date: April 17, 2026
- Inspection Reference: Financial position as on March 31, 2025.
- Violation: Non-compliance with ‘Exposure Norms & Statutory/Other Restrictions – UCBs’ and Supervisory Action Framework (SAF).
- Specific Failures: Failed to adhere to prescribed regulatory ceilings on certain advances and offered interest rates on deposits higher than the State Bank of India (SBI) in violation of SAF directives.
Root Cause Analysis (RCA)
The breaches indicate a critical gap in the bank’s Core Banking System (CBS) parameterization. The system lacked automated hard-stops to restrict loan sanctioning once regulatory exposure ceilings were breached. Furthermore, the Asset Liability Management (ALM) committee likely relied on manual benchmarking against SBI deposit rates rather than utilizing an automated API or systematic pegging mechanism, leading to rate adjustments that violated SAF conditions.
Preventive Controls
- System Hard-Stops: Implement non-bypassable exposure limit controls within the CBS that automatically block sanction generation if limits are exceeded.
- Automated Rate Validation: Deploy a system integration or mandatory compliance checklist in the deposit-rate authoring workflow to ensure no retail deposit rate surpasses the prevailing SBI benchmark under SAF constraints.
Lessons Learnt
Institutions under the Supervisory Action Framework (SAF) must shift from manual compliance monitoring to embedded, technology-driven safeguards. Regulatory compliance in exposure limits and rate-setting is a systemic requirement, not just a procedural policy.
RBI Press Release
2. Ebix Payment Services Private Limited
Key Details
- Penalty Imposed: ₹80,000
- Order Date: April 17, 2026
- Inspection Reference: Period spanning June 2024 to May 2025.
- Violation: Non-compliance with RBI directions on ‘Know Your Customer’ (KYC) under the Payment and Settlement Systems Act, 2007.
- Specific Failures: Failed to carry out the requisite risk categorisation of its customers during or post-onboarding.
Root Cause Analysis (RCA)
The fundamental root cause is the absence of an integrated risk-scoring logic in the customer onboarding engine. The entity likely treated KYC solely as an identity verification step rather than a comprehensive risk-profiling mechanism, allowing users to initiate transactions without a distinct Low, Medium, or High-risk tag being assigned and recorded in the database.
Preventive Controls
- Mandatory Gateway Logic: Code a mandatory step in the KYC portal that prevents account activation until a risk-scoring matrix (based on occupation, geography, transaction limits) evaluates and categorizes the customer.
- Periodic Database Audits: Run automated weekly queries to identify and block accounts with “Null” or undefined risk categories.
Lessons Learnt
For payment ecosystem providers, KYC extends beyond mere identity collection. Risk categorisation is the bedrock of transaction monitoring and Anti-Money Laundering (AML) controls and must be natively built into the digital onboarding journey.
RBI Press Release
3. Hardoi Jilla Sahkari Bank Ltd., Uttar Pradesh
Key Details
- Penalty Imposed: ₹1,00,000 (Rupees One Lakh)
- Order Date: April 21, 2026
- Inspection Reference: March 31, 2025 (Conducted by NABARD).
- Violation: Non-compliance with ‘Know Your Customer (KYC)’ directions.
- Specific Failures: Failed to put in place a system for the periodic review of risk categorisation of accounts (the periodicity requirement being at least once in six months).
Root Cause Analysis (RCA)
The bank’s compliance framework treated customer risk rating as a static, one-time onboarding activity rather than a dynamic assessment. The CBS lacked scheduled, automated triggers to flag accounts due for their mandated half-yearly risk review. Branch staff likely lacked actionable reports to execute these reviews.
Preventive Controls
- Automated Review Triggers: Implement an internal alert system generating tasks for branch managers 30 days prior to the 6-month expiry of an account’s last risk review.
- Compliance Dashboards: Create a centralized MIS dashboard for the Principal Officer to monitor overdue risk reviews, coupled with a policy to restrict account functionalities if the review is significantly delayed.
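The weekly audit for undefined risk categories (entry 2) and the six-month review trigger with a 30-day advance alert (entry 3) can run as one query. This is an added example, not code from RBI or either institution; the accounts table, its column names, the finding labels and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Constructed sample rows (assumed schema, not a real CBS or wallet database):
# (account_id, risk_category, last_risk_review)
SAMPLE_ROWS = [
    ("A1", "LOW", "2026-01-15"),     # categorised, reviewed recently
    ("A2", None, "2026-03-01"),      # NULL category
    ("A3", "", "2026-03-01"),        # empty string is also undefined
    ("A4", "HIGH", "2025-09-10"),    # last review more than six months ago
    ("A5", "medium", "2025-11-05"),  # six-month expiry falls within 30 days
    ("A6", "LOW", None),             # categorised but never reviewed
]

# Checks run in priority order: a missing category outranks a late review.
# Category matching is case-insensitive and ignores surrounding whitespace.
AUDIT_SQL = """
SELECT account_id,
  CASE
    WHEN risk_category IS NULL
      OR upper(trim(risk_category)) NOT IN ('LOW', 'MEDIUM', 'HIGH')
      THEN 'BLOCK_UNCATEGORISED'
    WHEN last_risk_review IS NULL
      OR date(last_risk_review, '+6 months') < date(:today)
      THEN 'REVIEW_OVERDUE'
    WHEN date(last_risk_review, '+6 months', '-30 days') <= date(:today)
      THEN 'REVIEW_DUE_SOON'
    ELSE 'OK'
  END AS finding
FROM accounts
ORDER BY account_id
"""

def build_sample_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (account_id TEXT PRIMARY KEY, "
                 "risk_category TEXT, last_risk_review TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def audit(conn, today):
    """Return {account_id: finding} as of the ISO date string `today`."""
    return dict(conn.execute(AUDIT_SQL, {"today": today}).fetchall())

if __name__ == "__main__":
    for account_id, finding in audit(build_sample_db(), "2026-04-21").items():
        print(account_id, finding)
```

Rows tagged BLOCK_UNCATEGORISED feed the account-blocking step, while REVIEW_DUE_SOON and REVIEW_OVERDUE feed the branch task list and the Principal Officer's dashboard.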
Lessons Learnt
KYC is an ongoing lifecycle, not a one-off event. Banks must actively maintain the hygiene of their databases. A defined periodicity for reviewing customer risk profiles ensures that the institution remains vigilant to changes in customer transaction behaviors and potential AML threats.