RBI Issues Revised Master Directions On Fraud
The Hon’ble Supreme Court (“SC”) in State Bank of India & Ors. v. Rajesh Agarwal & Ors.[i] had clarified that principles of natural justice must be upheld while declaring any individual / entity as fraud. Further, the SC emphasized the necessity of serving notice, providing opportunity to submit representation and passing of a reasoned order before classifying any individual / entity as fraud.
Considering the guidelines of the SC in the above matter, the Reserve Bank of India (“RBI”) on 15th July 2024, issued Master Directions, 2024 (“Master Directives”) bearing no. DOS.CO.FMG.SEC.No.5/23.04.001/2024-25 on Fraud Risk Management in Commercial Banks (including Regional Rural Banks) and All India Financial Institutions (AIFIs). This Master Circular of 2024, supersedes the 2016 guidelines[ii] and aims to enhance the framework for preventing, detecting, and reporting frauds within the banking sector. Similarly, RBI issued two other revised Master Directions on Fraud Risk Management for Cooperative Banks[iii] and Non-Banking Finance Companies[iv].
The key aspects and implications of these Master Directions 2024 are as follows:
1. Scope of these directives:
- Persons (including Third Party Service Providers and Professionals such as Architects, Valuers, Chartered Accountants, Advocates etc.) Entities and its Promoters / Whole-time and Executive Directors can be investigated for alleged fraud.
- The 2024 Guidelines clarifies as regards to Non- Whole-time Directors (such as Nominee Directors and Independent Directors) are normally not in charge of, or responsible for the conduct of the business of the Company, Banks may take into the consideration before proceeding against such Directors.
- Thus, for roping such Nominee Directors / Independent Directors, Banks will have to provide substantial proof against them.
2. Treatment of accounts under Resolution:
- The Directives provide that, in case an entity has undergone resolution, as a consequence of which there is a change in the management / control of the entity, it will be at discretion of the Bank whether to retain the entity classified as fraud or otherwise.
- However, the penal measures shall not be applicable to the entities after the implementation of the Resolution Plan under the IBC.
- The Penal Measures and Criminal action shall continue against erstwhile promoter(s) / director(s) / person(s) who were in charge and responsible for the management of the affairs of the entity / business enterprise.
3. Penal Measures:
Persons / Entity classified as fraud are debarred from raising funds / availing any further credit facilities for five years.
4. Governance Structure for Fraud Risk Management:
- RBI mandates the Banks to adopt Board approved Fraud Risk Management Policy for Fraud prevention and detention to be reviewed by the Board at least once in three years. The said Policy should detail therein the roles and responsibility of the Board of Directors of the Bank and should ensure adherence to the principles of natural justice.
- The Show Cause Notice (“SCN”) shall comprise of detailed information regarding transactions, actions and events forming the basis for considering fraud declaration and providing reasonable period of at least 21 days for the recipients to respond to the SCN.
- Banks must maintain a systematic process for issuing SCNs and for evaluating responses from individuals / entities under investigation before making any determination of fraudulent activity.
- Upon review, a reasoned order incorporating relevant facts, responses to SCNs, and the rationale behind the classification should be issued to convey by the Bank’s decision regarding the classifying accounts as fraudulent.
5. Framework for Early Detection of Frauds:
- A significant focus of the new Guidelines is the early detection of frauds through a robust framework for Early Warning Signals (EWS) and Red Flagging of Accounts (RFA).
- Banks are required to integrate EWS with their Core Banking Solutions to monitor transactions effectively.
- The Guidelines stipulate a systematic approach to identifying, investigating, and acting upon suspicious activities, thereby mitigating potential risks at an early stage.
6. Red-flagged Account and Reporting of Fraud:
- External and Internal Audit can be conducted on red-flag accounts.
- The decision to classify any account, either standard or NPA, as a red-flagged account shall be at the individual bank level and such bank(s) shall report the status of the account on the RBI’s Central Repository of Information on Large Credits (“CRILC”) platform within seven days.
- After an account is red flagged, the decision to classify the same as fraud or otherwise should be done within 180 days.
- Banks shall, after complying with the principles of natural justice, report to Indian Banks’ Association the details of such third parties or professionals involved in frauds.
7. Reporting of Incidents of Fraud:
- The Directives provide categories for reporting fraud to maintain uniformity such as misappropriation of funds and criminal breach of trust; fraudulent encashment through forged instruments amongst others as prescribed under Clause 6.1 of the Master Directives.
- Fraudulent electronic banking / digital payment related transactions committed on banks; and other type of fraudulent activity not covered under any of the above.
- Instances of payment system related disputes suspected or attempted fraudulent transactions are to be reported to Central Payments Fraud Information Registry (“CPFIR”).
- Banks shall adhere to the timeframe prescribed in these Master Directions for reporting of fraud cases to RBI such as individual fraud cases, fraud at overseas branches, amongst other as prescribed under Clause 6.3 of the Directives.
- In exceptional circumstances, the Bank upon such approval can withdraw the Fraud Monitoring Return.
- Banks are obligated to lodge complaint to law enforcement agency.
8. Reporting and Investigation:
- The updated Guidelines provide detailed instructions on reporting frauds to the RBI and other relevant authorities.
- Banks are required to establish a governance structure that ensures effective oversight and implementation of the EWS and RFA frameworks. The Risk Management Committee of the Board (“RMCB”) assumes responsibility for supervising aforesaid frameworks.
- Banks are also required to establish dedicated Data Analytics and Market Intelligence (MI) Units tailored to their operational needs, enhancing their ability to detect and prevent potential fraudulent activities across diverse banking operations.
- Additionally, Banks must extend their EWS frameworks to monitor non-credit related transactions, including digital channels, ensuring these systems are continually tested and improved to maintain integrity and adaptability against emerging fraud risks. Compliance with reporting requirements, particularly concerning accounts meeting CRILC thresholds, is crucial to align with regulatory mandates and mitigate fraud risks effectively. Banks are required to implement or upgrade their EWS systems within six months from the issuance of regulatory directives.
9. Closure of Fraud Cases:
- Banks shall close cases of fraud reported, post the completion of necessary actions and legal proceedings.
- Banks are directed to maintain records of all the closed cases of fraud for future audit purposes.
10. Special Committee:
- Banks are required to constitute a ‘Special Committee of the Board for Monitoring and Follow-up of cases of Frauds’ (“SCBMF”) comprising of minimum three members, (including a whole-time director and a minimum of two independent directors / non-executive directors).
- The role of the SCBMF is to monitor, review and propose risk management framework for reducing cases of fraud.
- The Senior Management is accountable for implementing the Board-approved fraud risk management policy. They are also required to periodically report incidents of fraud to the Board or its Audit Committee as necessary.
- Additionally, Banks must establish a transparent mechanism to handle Whistleblower complaints related to potential fraud or suspicious activities, ensuring compliance with their Whistleblower Policy.
11. Staff Accountability:
- Banks have to examine the staff accountability of their senior management in fraud cases, as per their Internal Policy.
- Examination of staff accountability as per the guidelines issued by the Central Vigilance Commission is required.
12. Additional Directives:
- Banks to frame policy to avail information from Central Fraud Registry for credit risk and fraud risk.
- Banks to report payment system related disputed to Central Payments Fraud Information Registry maintained by RBI.
- Banks are required to periodically carry out legal audit of the title deeds and other related documents in respect of credit facility amounting to Rs. 5 Cr and above till repayment / closure.
- Prior to transferring of loan account / credit facility to other lenders, due diligence for fraud must be conducted and the same has to be reported to RBI and NABARD.
- In the cases, the auditor appointed comes across fraudulent transactions the same has to be notified to the senior management of the Bank
- Banks have to report instances of theft, burglary, dacoity and robbery (including attempted cases), to Fraud Monitoring Group (FMG), Department of Supervision, Central Office, RBI within seven days and also submit quarterly report covering all such cases.
The RBI’s new master directions on fraud risk management represent a comprehensive effort to strengthen the banking sector’s against fraud by emphasizing early detection, stringent reporting and robust governance structures, to safeguard the integrity of the financial system.
[i] Civil Appeal No.7300 of 2022.
[ii] Master Directions on Frauds – Classification and Reporting by commercial banks and select FIs (Updated as on July 03, 2017).
[iii] Master Directions on Fraud Risk Management in Urban Cooperative Banks (UCBs) / State Cooperative Banks (StCBs) / Central Cooperative Banks (CCBs).
[iv] Master Directions on Fraud Risk Management in Non-Banking Financial Companies (NBFCs) (including Housing Finance Companies).