1. Mahindra & Mahindra Financial Services Limited
Penalty Amount: ₹11.50 Lakh
Date of Order: February 27, 2026
Key Details
- Violations: Non-compliance with RBI directions on ‘Fair Practices Code’ and ‘Internal Ombudsman for Regulated Entities’.
- Specific Triggers: The company levied revised foreclosure charges on certain accounts without incorporating a suitable condition in their loan agreements. Furthermore, it failed to escalate certain partly/wholly rejected complaints to its Internal Ombudsman within the prescribed time, and failed to communicate final decisions to complainants within the prescribed time.
Analytical Breakdown
- Root Cause Analysis (RCA): There is a disconnect between product/pricing teams and legal documentation teams, leading to retroactive fee applications. Additionally, the grievance redressal tracking system lacks strict Service Level Agreement (SLA) triggers to auto-escalate rejected claims or force final communication.
- Preventive Controls: Institute a strict change-management protocol where no fee parameter can be altered in the billing system without verified alignment with the existing customer contract templates. Deploy a robust CRM ticketing system that automatically routes rejected complaints to the Internal Ombudsman on the designated day and triggers mandatory external communications.
- Lessons Learnt: Fair Practices require contractual backing for any customer charges. Furthermore, consumer grievance frameworks must operate on tight, system-driven timelines rather than manual reviews.
RBI Press Release
2. Vita Merchants’ Co-operative Bank Ltd., Maharashtra
Penalty Amount: ₹3.10 Lakh
Date of Order: February 13, 2026
Key Details
- Violations: Non-compliance with directions on ‘Exposure Norms and Statutory / Other Restrictions UCBs’ and ‘Fair Lending Practice Penal Charges in Loan Accounts’.
- Specific Triggers: The bank sanctioned loans to certain nominal members in excess of the prescribed regulatory limit. Additionally, it had not communicated the levy of penal charges and the reasons thereof to certain borrowers.
Analytical Breakdown
- Root Cause Analysis (RCA): The excess sanctioning points to a lack of automated credit exposure hard-stops in the Core Banking System (CBS) for nominal members. The communication failure suggests a manual, rather than automated, workflow for dispatching penal charge notifications.
- Preventive Controls: Implement mandatory system-level validation blocks that prevent loan origination if nominal member exposure limits are breached. Integrate an automated SMS/email trigger system linked to the loan module to notify borrowers instantly when penal charges are applied.
- Lessons Learnt: Regulatory compliance in lending extends beyond initial appraisal; transparent, documented communication during the loan lifecycle is heavily scrutinized.
RBI Press Release
3. The Belagavi District Central Co-operative Bank Limited, Karnataka
Penalty Amount: ₹2 Lakh
Date of Order: February 23, 2026
Key Details
- Violations: Contravention of Section 20 read with Section 56 of the Banking Regulation Act, 1949, and non-compliance with ‘Gold Loan – Bullet Repayment’ and ‘Exposure to Commercial Real Estate’.
- Specific Triggers: The bank sanctioned director-related loans. It also sanctioned gold loans under the bullet repayment scheme beyond the prescribed regulatory limit, and sanctioned a loan to a non-residential commercial real estate project.
Analytical Breakdown
- Root Cause Analysis (RCA): A systemic breakdown in credit appraisal guardrails. There was a failure to flag conflict-of-interest (Director-related entities), a lack of product-level parameter limits (Gold loans), and inadequate sector-specific blocking (CRE).
- Preventive Controls: Implement robust “Related Party” flags in the customer master data to block unauthorized sanctions. Hard-code maximum permissible limits for bullet-repayment gold loans in the CBS, and configure sector-code restrictions to prevent loan creation for non-residential CRE.
- Lessons Learnt: Diversified lending portfolios require granular, system-enforced parameterization to prevent simultaneous multi-regulation breaches.
RBI Press Release
4. The Mahbubnagar District Co-operative Central Bank Ltd., Telangana
Penalty Amount: ₹1 Lakh
Date of Order: February 23, 2026
Key Details
- Violations: Contravention of Section 20 read with Section 56 of the Banking Regulation Act, 1949.
- Specific Triggers: The bank had sanctioned a director-related loan.
Analytical Breakdown
- Root Cause Analysis (RCA): Similar to Belagavi Bank, this indicates a failure in the initial borrower screening process where the applicant’s relationship to the bank’s board was either not captured, ignored, or manually overridden.
- Preventive Controls: Annual mandatory declarations of all director-affiliated entities must be digitized into a centralized “Negative/Restricted List” that automatically halts any loan application associated with those PAN/Aadhaar numbers.
- Lessons Learnt: Statutory restrictions under the BR Act require absolute compliance; manual oversight mechanisms are insufficient for preventing conflict-of-interest lending.
RBI Press Release
5. The Prakasapuram Co-operative Urban Bank Limited, Tamil Nadu
Penalty Amount: ₹50,000
Date of Order: February 23, 2026
Key Details
- Violations: Non-compliance with RBI directions on ‘Declaration of dividend by UCBs’.
- Specific Triggers: The bank had paid dividend from accumulated profits of previous years.
Analytical Breakdown
- Root Cause Analysis (RCA): This indicates a procedural oversight or misinterpretation of RBI guidelines by the bank’s financial and executive committees during the dividend proposal phase, failing to restrict payouts strictly to current-year net profits.
- Preventive Controls: Institutionalize a mandatory compliance checklist for Board meetings regarding dividend declarations. Require the Chief Compliance Officer to formally sign off that the source of dividend funds explicitly matches RBI’s prevailing circulars before Board approval.
- Lessons Learnt: Historical profits cannot be utilized for current dividend payouts without specific regulatory alignment. Capital conservation guidelines must be strictly interpreted.
RBI Press Release
6. The Guntur Women Co-operative Urban Bank Limited, Andhra Pradesh
Penalty Amount: ₹50,000
Date of Order: February 23, 2026
Key Details
- Violations: Non-compliance with directions on ‘Know Your Customer (KYC)’.
- Specific Triggers: The bank had failed to upload the KYC records of customers onto Central KYC Records Registry (CKYCR).
Analytical Breakdown
- Root Cause Analysis (RCA): Likely a reliance on manual data extraction and upload processes, or a broken API integration between the bank’s internal onboarding systems and the external CKYCR portal.
- Preventive Controls: Automate the daily batch extraction and upload of KYC data to CKYCR. Implement a daily reconciliation report that alerts the operations team to any records that failed to upload or were rejected by the registry.
- Lessons Learnt: Regulatory reporting is a daily operational mandate; data siloing within the bank’s own systems violates central registry requirements.