RBI/DoS/2026-27/XX
DoS.CO.FMG.XX/23.04.001/2026-27 XXXX XX, 2026 Reserve Bank of India (Regional Rural Banks – Fraud Risk Management) Directions, 2026 Introduction These Directions are issued with a view to providing a framework for prevention, early detection, and timely reporting of incidents of fraud by Regional Rural Banks to Law Enforcement Agencies (LEAs) and National Bank for Agriculture and Rural Development (NABARD) and dissemination of information by NABARD and matters connected therewith or incidental thereto. In exercise of the powers conferred under Section 21 and Section 35-A of the Banking Regulation Act, 1949, and all other provisions / laws enabling RBI in this regard, RBI being satisfied that it is necessary and expedient in public interest so to do, hereby issues these Directions hereinafter specified. Chapter I - Preliminary A. Short Title and Commencement 1. These Directions shall be called the Reserve Bank of India (Regional Rural Banks - Fraud Risk Management) Directions, 2026. 2. These Directions shall come into effect immediately upon issuance. B. Applicability 3. These Directions shall be applicable to Regional Rural Banks (hereinafter collectively referred to as ‘RRBs’ and individually as ‘RRB’) as defined under Clause (ja) of Section 5 of the Banking Regulation Act, 1949. C. Definitions 4. In these Directions, unless the context states otherwise, the terms herein shall bear the meaning assigned to them below: (1) ‘Date of Classification’, for the purpose of reporting, is the date when due approval from the competent authority has been obtained for such classification, and the reasoned order is passed. (2) ‘Date of Detection’, for the purpose of reporting, is the actual date when the fraud came to light in the concerned branch / audit / department of the RRB, as the case may be, and not the date of approval by the competent authority of the RRB. (3) ‘Date of Occurrence’, for the purpose of reporting, is the date when the actual misappropriation of funds has started taking place, or the event occurred, as evidenced / reported in the audit or other findings. (4) 'Red Flagged Account' is one where suspicion of fraudulent activity is thrown up by the presence of one or more Early Warning Signal (EWS) indicators, alerting / triggering deeper investigation from potential fraud angle and requiring initiation of preventive measures by the RRBs. Chapter II - Governance and Oversight A. Governance Structure for Fraud Risk Management 5. There shall be a Board approved policy on Fraud Risk Management delineating roles and responsibilities of Board / Board Committees and Senior Management of the RRB. The policy shall inter alia contain measures towards prevention, early detection, investigation, staff accountability, monitoring, recovery, and reporting of frauds as well as a framework for Early Warning Signals (EWS) and Red Flagging of Accounts (RFA). In this context, ‘Board’ will refer to ‘Board of Directors’ of the RRB. 6. The policy shall also incorporate measures for ensuring compliance with principles of natural justice1 in a time-bound manner, which at a minimum, shall include: (1) Issuance of a detailed Show Cause Notice (SCN) to the Persons (including Third Party Service Providers and Professionals such as architects, valuers, chartered accountants, advocates, etc.), Entities and their Promoters / Whole Time Directors (WTDs) and Executive Directors (EDs) against whom allegation of fraud is being examined. The SCN shall provide complete details of transactions / actions / events basis which declaration and reporting of a fraud is being contemplated under these Directions. As non-Whole Time Directors (like nominee directors and independent directors) are normally not in charge of, or responsible to the company for the conduct of business of the company, the RRB may take this into consideration before proceeding against such directors under these Directions. (2) A reasonable time of not less than 21 days shall be provided to the Persons / Entities on whom the SCN was served to respond to the said SCN. (3) The RRB shall have a well laid out system for issuance of SCN and examination of the responses / submissions made by the Persons / Entities prior to declaring such Persons / Entities as fraudulent. (4) A reasoned Order shall be served on the Persons / Entities conveying the decision of the RRB regarding declaration / classification of the account as fraud or otherwise. Such Order(s) must contain relevant facts / circumstances relied upon, the submission made against the SCN and the reasons for classification as fraud or otherwise. Explanation: The requirement of ensuring compliance to the principles of natural justice is applicable to all Persons / Entities and their Promoters / WTDs and EDs classified as fraud by the RRB. In other words, this requirement is applicable in all cases of fraud classification which may have civil consequences (i.e., penal measures, caution listing) as observed in the Judgement of the Hon’ble Supreme Court dated March 27, 2023 (Civil Appeal No. 7300 of 2022 in the matter of State Bank of India & Ors. Vs. Rajesh Agarwal & Ors.). 7. The Fraud Risk Management Policy shall be reviewed by the Board at least once in three years, or more frequently, as may be prescribed by the Board. 8. Special Committee of the Board for Monitoring and Follow-up of cases of Frauds: (1) The RRB shall constitute a Committee of the Board to be known as ‘Special Committee of the Board for Monitoring and Follow-up of cases of Frauds’ (SCBMF) with a minimum of three members of the Board, consisting of a WTD and a minimum of two independent directors / non-Executive Directors. The Committee shall be headed by one of the independent directors / non-Executive Directors. (2) SCBMF shall oversee the effectiveness of the Fraud Risk Management in the RRB. SCBMF shall review and monitor cases of frauds, including root cause analysis, and suggest mitigating measures for strengthening the internal controls, risk management framework and minimising the incidence of frauds. The coverage and periodicity of such reviews shall be decided by the Board of the RRB. The coverage may include, among others, categories / trends of frauds, industry / sectoral / geographical concentration of frauds, delay in detection / classification of frauds and delay in examination / conclusion of staff accountability, etc. (3) The threshold amount of fraud cases to be placed before the SCBMF shall be decided by the Board of the RRB, after duly taking into account the scale and complexity of its operations. 9. The Senior Management shall be responsible for implementation of the fraud risk management policy approved by the Board of the RRB. A periodic review of incidents of fraud shall also be placed before Board / Audit Committee of Board (ACB), as appropriate, by the Senior Management of the RRB. 10. The RRB shall put in place a transparent mechanism to ensure that Whistle Blower complaints on possible fraud cases / suspicious activities in account(s) are examined and concluded appropriately under its Whistle Blower Policy. 11. The RRB shall set-up an appropriate organisational structure for institutionalisation of Fraud Risk Management within its overall risk management functions / Department. Fraud Risk Management includes prevention, early detection, investigation, staff accountability, monitoring, recovery, analysis and reporting of frauds, etc. and other related aspects under the Board approved Policy. A senior official in the rank of at least a General Manager or equivalent shall be responsible for monitoring and reporting of frauds. Chapter III - Early Detection of Frauds - Framework for Early Warning Signals and Red Flagging of Accounts A. Governance Structure 12. The RRB shall have a framework for EWS and Red Flagging of Accounts (RFA) under the overall Fraud Risk Management Policy approved by the Board. 13. The Risk Management Committee of the Board (RMCB) shall oversee the effectiveness of the Board-approved framework for EWS and RFA. The Senior Management shall be responsible for implementation of a robust Framework for EWS and RFA within the RRB. 14. The EWS indicators identified for monitoring credit facilities / loan accounts and other banking transactions shall be approved by the RMCB. Appropriate Turnaround Time (TAT), preferably not more than 30 days, for examination of EWS alerts / triggers shall be prescribed by the RMCB. 15. RMCB shall review the status of red flagged accounts, including the EWS alerts / triggers, remedial actions initiated by the RRB, etc. at periodic intervals as approved by the Board. 16. The EWS / RFA framework shall be subject to suitable validation in accordance with the directions of RMCB so as to ensure its integrity, robustness and consistency of the outcomes. 17. The EWS / RFA Framework shall provide for, among others: (1) A system of robust EWS which is integrated with Core Banking Solution (CBS) or other operational systems; (2) Initiation of remedial action on alerts / triggers from EWS System in a timely manner; and (3) Periodic review of credit sanction and monitoring processes, internal controls and systems. 18. The RRB shall put in place / suitably upgrade its existing EWS system on an ongoing basis. B. EWS / RFA Framework for Credit Facilities / Loan Accounts 19. Development of EWS System: The EWS system shall be comprehensive and designed to include both the quantitative and qualitative indicators to make the framework robust and effective. The broad indicators which the EWS system may illustratively capture could be based on the transactional data of accounts, financial performance of borrowers, market intelligence, conduct of the borrowers, etc. 20. Data Analytics and Market Intelligence (MI) Unit: The RRB shall set up a dedicated Data Analytics and MI Unit keeping in view its size, complexity, business mix, risk profile, etc. Such Unit shall facilitate collection and processing of relevant information to enable an early detection and prevention of potentially fraudulent activities. 21. Generation of EWS alert(s) / trigger(s) shall necessitate examination whether the account needs to be red flagged and consequently, investigation from potential fraud angle. C. EWS Framework for Other Banking / Non-Credit Related Transactions 22. The RRB shall develop / strengthen its EWS system by identifying suitable indicators and parameterising them in its EWS system for monitoring other banking / non-credit related transactions. The RRB shall strive to continuously upgrade the EWS system for enhancing its integrity and robustness, monitor other banking / non-credit related transactions efficiently and prevent fraudulent activities through the banking channel. Further, the effectiveness of EWS system shall be tested periodically. 23. The design and specification of EWS system shall be robust and resilient to ensure that integrity of system is maintained, personal and financial data of customers are secure and transaction monitoring for prevention / detection of potential fraud is on real-time basis or with a minimum time lag without compromising the effectiveness of the outcome of EWS system in prevention / detection of potential frauds. The RRB shall remain vigilant in monitoring transactions / unusual activities, specifically in the non-KYC compliant and money mule accounts etc., to contain unauthorised / fraudulent transactions and to prevent misuse of banking channel. 24. The Data Analytics and MI Unit or other dedicated analytics set up in the RRB shall extensively monitor and analyse other banking / non-credit related transactions, more specifically the transactions through digital platforms and applications, in order to identify unusual patterns and activities which could alert the RRB timely in initiating appropriate measures towards prevention of fraudulent activities. Chapter IV - General Instructions A. Credit facility / Loan account classified as Red-flagged Account and Reporting of Fraud 25. In case of a credit facility / loan account classified as red-flagged account, the RRB shall use an external audit, or an internal audit as per its Board approved policy, for further investigation in such accounts. 26. The RRB shall frame a policy on engagement of external auditors covering aspects such as due diligence, competency and track record of the auditors, among others. Further, the contractual agreement with the auditors shall, inter alia, contain suitable clauses on timeline for completion of the audit and submission of audit report to the RRB within a specified time limit, as approved by the Board. 27. The loan agreement with the borrower shall contain clauses for conduct of such audit at the behest of lender(s) consequent upon red flagging of the account. In cases where the audit report submitted remains inconclusive or is delayed due to non-cooperation by the borrower, the RRB shall conclude on status of the account as a fraud or otherwise based on the material available on its record and its own internal investigation / assessment in such cases. The RRB shall ensure that principles of natural justice are strictly adhered to before classifying / declaring an account as fraud (refer to Paragraph 6). 28. The decision to classify any account, either standard or NPA, as a red-flagged account shall be at the individual RRB level. 29. The RRB (in case of sole lending) or the individual RRBs (in case of multiple banking arrangement or consortium lending) shall ensure that the principles of natural justice (refer to Paragraph 6) are strictly adhered to before classifying / declaring an account as fraud. 30. Once an account has been red-flagged, the entire process of classification of the account as fraud or removal of red-flagged status shall ordinarily be completed within 180 days from the date of classifying the account as red-flagged. Cases remaining in red-flagged status beyond 180 days shall be reported to the SCBMF for review with adequate reasoning / justification thereof. Such cases shall also be subject to supervisory review. 31. In case an account is identified as a fraud by any RRB, the borrowal accounts of other group companies2, in which one or more promoter(s) / WTDs are common, shall also be subjected to examination by Regulated Entities (REs) concerned from fraud angle under these Directions. 32. In cases where Law Enforcement Agencies (LEAs) have suo moto initiated investigation involving a borrower account, the RRB shall immediately red-flag the account and follow the usual process for classification of account as fraud and complete the same within the stipulated period as specified at Paragraph 30 above. B. Independent Confirmation from Third-party Service Providers including Professionals 33. The RRB places reliance on various third-party service providers as part of pre-sanction appraisal and post-sanction monitoring. Therefore, the RRB may incorporate necessary terms and conditions in its agreements with third-party service providers to hold them accountable in situations where wilful negligence / malpractice by them is found to be a causative factor for fraud. 34. The RRB shall, after complying with the principles of natural justice, report to Indian Banks’ Association (IBA) the details of such third parties or professionals involved in frauds. IBA would, in turn, prepare caution lists of such third parties for circulation among banks. C. Staff Accountability 35. The RRB shall initiate and complete the examination of staff accountability in all fraud cases in a time-bound manner in accordance with its internal policy. 36. In cases involving very senior executives of the RRB (MD & CEO / ED / Executives of equivalent rank), the ACB shall initiate examination of their accountability and place it before the Board. Such executives shall not participate in the meeting of the Board / ACB / SCBMF in which their accountability is to be considered. D. Penal Measures 37. Persons / Entities classified and reported as fraud by the RRB and also Entities and Persons associated with such Entities, shall be debarred from raising of funds and / or seeking additional credit facilities from financial entities regulated by RBI, for a period of five years from the date of full repayment of the defrauded amount / settlement amount agreed upon in case of a compromise settlement. Explanation: (1) If it is an Entity, another Entity will be deemed to be associated with it if that Entity is (i) a subsidiary company as defined under clause 2 (87) of the Companies Act, 2013 or (ii) falls within the definition of a ‘joint venture’ or an ‘associate company’ under clause (6) of section 2 of the Companies Act, 2013. (2) In case of a Natural Person, all entities in which she / he is associated as promoter, or director, or as one in charge and responsible for the management of the affairs of the entity shall be deemed to be associated. 38. Lending to such Persons / Entities, being commercial decisions, the lending RRB shall have the sole discretion to entertain or decline such requests for credit facilities after the expiry of the mandatory cooling period as mentioned at Paragraph 37 above. E. Treatment of Accounts under Resolution 39. In case an entity classified as fraud has subsequently undergone a resolution either under Insolvency and Bankruptcy Code, 2016 (IBC) or under the resolution framework of RBI3, resulting in a change in the management and control of the entity / business enterprise, the RRB shall examine whether the entity shall continue to remain classified as fraud or the classification as fraud could be removed after implementation of the Resolution Plan under IBC or aforesaid resolution framework. This would, however, be without prejudice to the continuance of criminal action against erstwhile promoter(s) / director(s) / person(s) who were in charge and responsible for the management of the affairs of the entity / business enterprise. 40. The penal measures as detailed in Paragraphs 37 and 38 shall not be applicable to entities / business enterprises after implementation of the Resolution Plan under IBC or aforesaid resolution framework. 41. The penal measures detailed in Paragraphs 37 and 38 shall continue to apply to the erstwhile promoter(s) / director(s) / persons who were in charge and responsible for the management of the affairs of the entity / business enterprise. Chapter V - Reporting of Frauds to Law Enforcement Agencies 42. The RRB shall immediately report the incidents of fraud to LEAs, subject to applicable laws, as indicated below4: | Category of bank | Amount involved in the fraud | LEA to whom complaint should be lodged | | Regional Rural Banks | (a) Below ₹6 crore | State / UT Police | | (b) ₹6 crore and above | Central Bureau of Investigation (CBI) | Note: (1) As the thresholds for reporting to LEAs vary across the States / UTs, these reporting requirements have been prescribed after due consultation with Central Vigilance Commission, Department of Financial Services, Government of India and select LEAs. (2) In case of consortium lending, each of the consortium member may file separate complaints, if separate offences have been committed in respect of each of them and if the fraud so committed is not part of the same fraudulent act / transaction. In other cases of such lending, only one member may file a complaint, and all the other members may extend necessary support to the said member and the LEAs in investigation of the fraud, including by way of providing all necessary information, documents etc. The RRB may take a decision in this regard depending on the facts and circumstances that may be relevant in a given case and the applicable laws. 43. The RRB shall establish suitable nodal point(s) / designate officer(s) for reporting incidents of fraud to LEAs and for proper coordination to meet the requirements of the LEAs. Chapter VI - Reporting of Incidents of Fraud 44. The RRB shall report incidents of fraud to NABARD in the manner and in Returns / Formats as prescribed by NABARD. Chapter VII - Cheque Related Frauds - Reporting to Law Enforcement Agencies and National Bank for Agriculture and Rural Development 45. To ensure uniformity and avoid duplication, reporting of frauds involving forged instruments, including fake / forged instruments sent in clearing in respect of truncated instruments, shall continue to be done by the paying banker and not by the presenting banker. In such cases the presenting bank shall immediately handover the underlying instrument to the drawee / paying bank, as and when demanded, to enable them to inform LEAs for investigation and further action under law and to report the fraud to NABARD. 46. However, in the case of presentment of an instrument which is genuine but payment has been made to a person who is not the true owner; or where the amount has been credited before realisation and subsequently the instrument is found to be fake / forged and returned by the paying bank, the presenting bank which is defrauded or is put to loss by paying the amount before realisation of the instrument shall file the fraud report with NABARD and inform the LEAs for investigation and further action under law. Chapter VIII - Other Instructions A. Legal Audit of Title Documents in respect of Large Value Loan Accounts 47. The RRB shall subject the title deeds and other related title documents in respect of all credit facilities of ₹1 crore and above to periodic legal audit and re-verification, till the loan is fully repaid. The scope and periodicity of legal audit shall be in accordance with the Board approved policy referred to in Paragraph 5 above. B. Treatment of Accounts classified as Fraud and sold to other Lenders / Asset Reconstruction Companies5 48. The RRB shall complete the investigation from fraud angle before transferring the loan account / credit facility to other lenders / Asset Reconstruction Companies (ARCs). In cases where the RRB concludes that a fraud has been perpetrated in the account, they shall report it to NABARD before selling the accounts to other lenders / ARCs. In cases where accounts are sold to ARCs, the RRB shall continue to report subsequent developments in such accounts to NABARD, by obtaining requisite information periodically from the concerned ARCs. C. Role of Auditors 49. During the course of the audit, auditors may come across instances where the transactions in the account or the documents point to the possibility of fraudulent transactions in the account. In such a situation, the auditor should immediately bring it to the notice of the senior management and if necessary, to the ACB of the RRB for appropriate action. 50. Internal Audit in the RRB shall cover controls and processes involved in prevention, detection, classification, monitoring, reporting, closure, and withdrawal of fraud cases, as well as weaknesses observed in the critical processes in the fraud risk management framework of the RRB, including delay in reporting, non-reporting, conduct of staff accountability examination, prudential provisioning, etc. Chapter IX - Reporting Cases of Theft, Burglary, Dacoity and Robbery 51. The RRB shall report cases of theft, burglary, dacoity and robbery to NABARD in the manner and in Returns / Formats as prescribed by NABARD Chapter X - Repeal and Other Provisions A. Repeal and Saving 52. With the issue of these Directions, the existing directions, instructions, and guidelines relating to Fraud Risk Management as applicable to Regional Rural Banks stand repealed, as communicated vide circular no. XX dated XXXX XX, 2026. The directions, instructions, and guidelines already repealed vide any of the directions, instructions, and guidelines listed in the above circular shall continue to remain repealed. 53. Notwithstanding such repeal, any action taken or purported to have been taken, or initiated under the repealed directions, instructions, or guidelines shall continue to be governed by the provisions thereof. All approvals or acknowledgments granted under these repealed lists shall be deemed as governed by these Directions. Further, the repeal of these directions, instructions, or guidelines shall not in any way prejudicially affect: (1) any right, obligation or liability acquired, accrued, or incurred thereunder; (2) any penalty, forfeiture, or punishment incurred in respect of any contravention committed thereunder; (3) any investigation, legal proceeding, or remedy in respect of any such right, privilege, obligation, liability, penalty, forfeiture, or punishment as aforesaid; and any such investigation, legal proceedings or remedy may be instituted, continued, or enforced and any such penalty, forfeiture or punishment may be imposed as if those directions, instructions, or guidelines had not been repealed. B. Application of Other Laws not barred 54. The provisions of these Directions shall be in addition to, and not in derogation of the provisions of any other laws, rules, regulations, or directions, for the time being in force. C. Interpretations 55. For giving effect to the provisions of these Directions or to remove any difficulties in the application or interpretation of the provisions of these Directions, RBI may, if it considers necessary, issue necessary clarifications in respect of any matter covered herein and the interpretation of any provision of these Directions given by RBI shall be final and binding. (C. Saravanan)
Chief General Manager
|