1. Jila Sahakari Bank Limited, Mau
| Penalty Amount: | ₹2.00 Lakh |
| Order Date: | December 31, 2025 |
| Regulation Violated: | RBI Directions on ‘Know Your Customer (KYC)’ |
| Specific Charge: | Failure to review risk categorization of accounts (every 6 months) and failure to carry out periodic KYC updation. |
Root Cause Analysis (RCA)
The primary failure was operational lapse in the Ongoing Due Diligence (ODD) framework. The bank lacked an automated trigger mechanism to flag accounts due for risk re-categorization and KYC refreshment, leading to a static view of customer risk profiles.
Preventive Controls
- CBS Integration: Configure the Core Banking Solution (CBS) to automatically freeze or flag accounts where risk review is overdue by >6 months.
- Dynamic Risk Scoring: Implement a system that triggers a risk review based on transaction patterns, not just elapsed time.
- Dashboard Reporting: Monthly compliance status reports to the Board specifically tracking “KYC Pending” and “Risk Review Overdue” percentages.
Lesson Learnt
Static compliance is non-compliance. KYC is a lifecycle process, not a one-time onboarding event. Banks must treat risk categorization as a fluid metric that requires constant periodic assessment.
RBI Press Release
2. Shaha Finlease Private Limited
| Penalty Amount: | ₹10,000 |
| Order Date: | January 02, 2026 |
| Regulation Violated: | RBI Directions on ‘Fair Practices Code’ (FPC) |
| Specific Charge: | Failure to put in place a system for periodical review of compliance with the ‘Fair Practices Code’. |
Root Cause Analysis (RCA)
The entity likely treated the Fair Practices Code as a policy document rather than an active compliance framework. The absence of a Review Mechanism indicates a governance gap where policy existence was mistaken for policy adherence.
Preventive Controls
- Annual Compliance Calendar: Include “FPC Review” as a mandatory agenda item for Board Meetings at least annually (or half-yearly).
- Audit Checklist: Internal auditors must verify not just if the FPC exists, but when it was last reviewed and if staff are trained on it.
- Customer Grievance Feedback: Use grievance data as a metric to review the effectiveness of the FPC.
Lesson Learnt
Governance requires evidence. It is insufficient to merely adopt a code; the regulator requires demonstrable proof (minutes of meetings, review reports) that the code is reviewed and functioning.
RBI Press Release
3. Sankhya Financial Services Private Limited
| Penalty Amount: | ₹40,000 |
| Order Date: | December 29, 2025 |
| Regulation Violated: | Guidelines on purchase/sale of Non-Performing Assets (NPAs) |
| Specific Charge: | Assignment of a non-performing asset to an ineligible entity. |
Root Cause Analysis (RCA)
The root cause was a failure in the Counterparty Due Diligence process. The checks regarding the eligibility criteria of the assignee (the entity buying the debt) were either missing or bypassed during the transaction execution.
Preventive Controls
- Eligibility Checklist: Mandatory sign-off sheet for all asset sales, specifically vetting the buyer against RBI’s permitted entity list (e.g., Banks, ARCs, NBFCs).
- Legal Opinion: Requirement for an external legal opinion on the eligibility of the counterparty before executing the Assignment Agreement.
- Maker-Checker Control: Separation of duties where the sales team negotiates the deal, but a compliance officer must approve the counterparty KYC.
Lesson Learnt
Know Your Buyer. Regulatory scrutiny extends beyond how you treat borrowers to who you sell your loans to. Selling stressed assets requires as much due diligence as originating them.