Inspection Reference: Statutory Inspection for Supervisory Evaluation (ISE) as of March 31, 2025.
Nature of Violations:
KYC Non-compliance: Failure to carry out periodic reviews of risk categorization for certain categories of accounts.
BR Act Violation: Contravention of Section 20(1)(b)(iii) of the Banking Regulation Act, 1949, relating to the sanctioning of director-related loans.
2. Root Cause Analysis (RCA)
Lapse in Risk Categorization (KYC): The core issue likely stems from a failure in the bank’s Core Banking System (CBS) or KYC monitoring software to generate automated alerts for accounts due for periodic risk reviews. Alternatively, there may have been a backlog in manual processing where alerts were generated but not acted upon by branch staff within the stipulated regulatory timeline.
Sanction of Director-Related Loans: This indicates a critical breakdown in the credit appraisal process and the Loan Origination System (LOS). The RCA points to either inadequate conflict-of-interest declarations obtained during the loan application stage or a failure of the credit underwriting team to cross-verify applicant details against the active list of director-related entities. In either case, the statutory restrictions under Section 20 of the BR Act were not invoked.
3. Preventive Controls
Automated KYC Schedulers: Implement hard-coded system triggers in the CBS that automatically restrict debit/credit transactions if periodic KYC risk categorization reviews are not completed within the designated lifecycle.
Enhanced LOS Checks (Systemic Hard-Stops): Integrate a real-time, updated database of “Director/Related Entities” into the Loan Origination System. The system must implement a “hard-stop” (blocking further processing) if a match is found, requiring an immediate escalation to compliance and board committees for appropriate clearance or rejection.
Mandatory Borrower Declarations: Reinforce standard operating procedures (SOPs) to include a mandatory, legally binding declaration from all corporate and high-value borrowers regarding their relationship with any of the bank’s directors or senior management.
Concurrent Audit Expansion: Mandate concurrent auditors to specifically sample and verify the completion of KYC risk reviews and related-party loan sanctions on a monthly basis.
4. Lessons Learnt
Dynamic Compliance is Essential: KYC is not a one-time onboarding activity. Banks must treat risk categorization as a dynamic, ongoing process heavily reliant on technological tracking rather than manual branch-level intervention.
Strict Adherence to Statutory Credit Limits: Section 20 of the BR Act is non-negotiable. Credit underwriting teams must maintain a rigid perimeter around related-party transactions to ensure absolute transparency and prevent conflict of interest.
System Deficiencies Equal Regulatory Risk: Manual workarounds for critical compliance checks inevitably lead to human error and regulatory penalties. Investing in robust, automated compliance architecture is paramount for operational safety.