भारतीय �रज़वर् बैंक

RESERVE BANK OF INDIA

www.rbi.org.in

RBI/DOS/2024-25/118
DOS.CO.FMG.SEC.No.5/23.04.001/2024-25 July 15, 2024

The Chairman / Managing Director / Chief Executive Officer

All Commercial Banks (including Regional Rural Banks)
All India Financial Institutions (AIFIs) 1

Madam / Dear Sir,

Master Directions on Fraud Risk Management in Commercial Banks (including

Regional Rural Banks) and All India Financial Institutions

Please find enclosed as Annex ‘Reserve Bank of India (Fraud Risk Management in
Commercial Banks (including Regional Rural Banks) and All India Financial
Institutions) Directions, 2024’ issued in exercise of the powers conferred under
Chapter III-A and Chapter III-B of the Reserve Bank of India Act, 1934, and Section
21 and Section 35A of the Banking Regulation Act, 1949. These Directions shall
supersede the earlier Directions on the subject, namely, the Reserve Bank of India
(Frauds - Classification and Reporting by commercial banks and select FIs) Directions
2016 (Ref.DBS.CO.CFMC.BC.No.1/23.04.001/2016-17) dated July 01, 2016
(Updated as on July 03, 2017).

Yours faithfully

(Rajnish Kumar)
Chief General Manager

Encl.: as above

1 Export-Import Bank of India (‘Exim Bank’), National Bank for Agriculture and Rural Development
(‘NABARD’), National Bank for Financing Infrastructure and Development (‘NaBFID’), National Housing
Bank (‘NHB’) and Small Industries Development Bank of India (‘SIDBI’).
पयर्वेक्षण िवभाग, के�ीय कायार्लय, व�र् ट� े ड सेंटर, सेंटर-1, कफ परे ड, कोलाबा, मुंबई – 400 005
टे लीफोन: 022- 2218 9131 फै�: 022-2218 0157 ई-मेल - [email protected]
Department of Supervision, Central Office, World Trade Centre, Centre I, Cuffe Parade, Colaba, Mumbai - 400 005
Tel: 022-2218 9131 Fax: 022-2218 0157 e-mail: [email protected]
 Annex
Master Directions (MD) on Fraud Risk Management in Commercial Banks
(including Regional Rural Banks) and All India Financial Institutions (AIFIs)
CONTENTS
INTRODUCTION
CHAPTER I
1.1 Short Title and Commencement
1.2 Applicability
1.3. Purpose
CHAPTER II
2. Governance Structure in banks for Fraud Risk Management
CHAPTER III
3. Early Detection of Frauds – Framework for Early Warning Signals (EWS) and Red
Flagging of Accounts (RFA)
CHAPTER IV
4.1 Credit facility / Loan account classified as Red-flagged Account and Reporting of
Fraud
4.2 Independent confirmation from the third-party service providers including professionals
4.3 Staff Accountability
4.4 Penal Measures
4.5 Treatment of accounts under Resolution
CHAPTER V
5. Reporting of Frauds to Law Enforcement Agencies (LEAs)
CHAPTER VI
6.1 Reporting of Incidents of Fraud to Reserve Bank of India (RBI)
6.2 Central Fraud Registry (CFR)
6.3 Modalities of Reporting Incidents of Fraud to RBI
6.4 Closure of Fraud Cases Reported to RBI
CHAPTER VII
7. Cheque Related Frauds - Reporting to LEAs and RBI / NABARD
CHAPTER VIII
8. Other Instructions
8.1 Legal Audit of Title Documents in respect of Large Value Loan Accounts
8.2 Treatment of Accounts classified as Fraud and sold to other Lenders / Asset
Reconstruction Companies (ARCs)
8.3 Role of Auditors
8.4 ‘Date of Occurrence’, ‘Date of Detection’ and ‘Date of Classification’ of Fraud - for the
purpose of reporting under FMR
CHAPTER IX
9. Reporting Cases of Theft, Burglary, Dacoity and Robbery
CHAPTER X
10. Repeal
 INTRODUCTION

In exercise of the powers conferred under Chapter III-A and Chapter III-B of the
Reserve Bank of India Act, 1934, and Section 21 and Section 35-A of the Banking
Regulation Act, 1949, the Reserve Bank of India being satisfied that it is necessary
and expedient in the public interest and in the interest of banking policy to do so,
hereby, issues the Directions hereinafter specified.

CHAPTER I

1.1 Short Title and Commencement

These Directions shall be called the Reserve Bank of India (Fraud Risk Management
in Commercial Banks (including Regional Rural Banks) and All India Financial
Institutions) Directions, 2024.

1.2 Applicability
The provisions of these Directions shall, unless otherwise provided, apply to:
1.2.1 All banking companies [including banks incorporated outside India
licensed to operate in India (foreign banks), Local Area Banks (LABs), Small
Finance Banks (SFBs), Payments Banks (PBs)], Corresponding New Banks 1,
Regional Rural Banks (RRBs) and State Bank of India as defined under sub-
sections (c), (da), (ja) and (nc) of Section 5 of the Banking Regulation Act, 1949
respectively (collectively referred to as ‘Commercial Banks’); and

1.2.2 Export-Import Bank of India (‘Exim Bank’), National Bank for Agriculture
and Rural Development (‘NABARD’), National Bank for Financing Infrastructure
and Development (‘NaBFID’), National Housing Bank (‘NHB’) and Small
Industries Development Bank of India (‘SIDBI’) as established by the Export-
Import Bank of India Act, 1981; the National Bank for Agriculture and Rural
Development Act, 1981; the National Bank for Financing Infrastructure and
Development Act, 2021; National Housing Bank Act, 1987 and the Small
Industries Development Bank of India Act, 1989, respectively (hereinafter
referred to as ‘All India Financial Institutions or ‘AIFIs’.

1.2.3 The Commercial Banks and AIFIs shall hereinafter collectively be referred
to as ‘banks’ for the purpose of these Directions.

1 Nationalised Banks under Banking Companies (Acquisition & Transfer of Undertakings) Act, 1970 /80.
2
1.3 Purpose
These Directions are issued with a view to providing a framework to banks for
prevention, early detection and timely reporting of incidents of fraud to Law
Enforcement Agencies (LEAs), Reserve Bank of India (RBI) and NABARD 2 and
dissemination of information by RBI and matters connected therewith or incidental
thereto.

CHAPTER II

2.1 Governance Structure in banks for Fraud Risk Management

2.1.1 There shall be a Board 3 approved Policy 4 on fraud risk management
delineating roles and responsibilities of Board / Board Committees and Senior
Management of the bank. The Policy shall also incorporate measures for
ensuring compliance with principles of natural justice 5 in a time-bound manner
which at a minimum shall include:

2.1.1.1 Issuance of a detailed Show Cause Notice (SCN) to the

Persons6, Entities and its Promoters / Whole-time and Executive
Directors against whom allegation of fraud is being examined 7. The SCN
shall provide complete details of transactions / actions / events basis
which declaration and reporting of a fraud is being contemplated under
these Directions.

2.1.1.2 A reasonable time of not less than 21 days shall be provided to

the Persons / Entities on whom the SCN was served to respond to the
said SCN.

2 RRBs shall report the incidents of fraud to NABARD as hitherto.

3 Board of Directors for domestic banks and Local Advisory Board in the case of foreign banks operating
in India.
4 The policy shall inter alia contain measures towards prevention, early detection, investigation, staff

accountability, monitoring, recovery and reporting of frauds.

5 Please refer to the judgement of the Hon’ble Supreme Court dated March 27, 2023 on Civil Appeal

No.7300 of 2022 in the matter of State Bank of India & Ors Vs. Rajesh Agarwal & Ors. and connected
matters, read with the Order dated May 12, 2023 passed by the Hon’ble Supreme Court in Misc.
Application. No.810 of 2023, specifically in relation to serving a notice, giving an opportunity to submit
a representation before classifying Persons / Entities as fraud and passing a reasoned order. The
orders of the Hon’ble High Court of Bombay dated August 7, 2023 in Writ Petition (L) No. 20751 of 2023
and the Hon’ble High Court of Gujarat dated August 31, 2023 in Special Civil Application No. 12000 of
2021 and connected matters shall be referred to.
6Including Third Party Service Providers and Professionals such as architects, valuers, chartered

accountants, advocates, etc.

7 As non-whole-time directors (like nominee directors and independent directors) are normally not in

charge of, or responsible to the company for the conduct of business of the company, banks may take
this into consideration before proceeding against such directors under these Directions.
3
 2.1.1.3. Banks shall have a well laid out system for issuance of SCN and
examination of the responses / submissions made by the Persons /
Entities prior to declaring such Persons / Entities as fraudulent.

2.1.1.4 A reasoned Order shall be served on the Persons / Entities

conveying the decision of the bank regarding declaration / classification
of the account as fraud or otherwise. Such Order(s) must contain
relevant facts / circumstances relied upon, the submission made against
the SCN and the reasons for classification as fraud or otherwise.

2.1.2 The Fraud Risk Management Policy shall be reviewed by the Board at
least once in three years, or more frequently, as may be prescribed by the
Board.

2.1.3 Special Committee of the Board for Monitoring and Follow-up of

cases of Frauds:
2.1.3.1 Banks shall constitute a Committee of the Board to be known as
‘Special Committee of the Board for Monitoring and Follow-up of cases
of Frauds’ (SCBMF) with a minimum of three members of the Board,
consisting of a whole-time director and a minimum of two independent
directors / non-executive directors. The Committee shall be headed by
one of the independent directors / non-executive directors.

2.1.3.2 SCBMF shall oversee the effectiveness of the fraud risk

management in the bank. SCBMF shall review and monitor cases of
frauds, including root cause analysis, and suggest mitigating measures
for strengthening the internal controls, risk management framework and
minimising the incidence of frauds. The coverage 8 and periodicity of
such reviews shall be decided by the Board of the bank.

2.1.4 The Senior Management shall be responsible for implementation of the

fraud risk management policy approved by the Board of the bank. A periodic
review of incidents of fraud shall also be placed before Board / Audit Committee
of Board (ACB), as appropriate, by the Senior Management of the bank.

8The coverage may include, among others, categories/trends of frauds, industry/sectoral/ geographical
concentration of frauds, delay in detection/classification of frauds and delay in examination/conclusion
of staff accountability, etc.
4
 2.1.5 Banks shall put in place a transparent mechanism to ensure that Whistle
Blower complaints on possible fraud cases / suspicious activities in account(s)
are examined and concluded appropriately under their Whistle Blower Policy.

2.2 Banks shall set-up an appropriate organisational structure for institutionalisation of

fraud risk management 9 within their overall risk management functions / Department.
A senior official in the rank of at least a General Manager or equivalent shall be
responsible for monitoring and reporting of frauds.

CHAPTER III
3. Early Detection of Frauds – Framework for Early Warning Signals (EWS) and
Red Flagging of Accounts (RFA)
3.1 Governance Structure
3.1.1 Banks shall have a framework for Early Warning Signals (EWS) and Red
Flagging of Accounts (RFA) under the overall Fraud Risk Management Policy
approved by the Board. A Red Flagged Account is one where suspicion of
fraudulent activity is thrown up by the presence of one or more EWS indicators,
alerting / triggering deeper investigation from potential fraud angle and initiating
preventive measures by the banks.

3.1.2 The Risk Management Committee of the Board (RMCB) shall oversee the
effectiveness of the framework for EWS and RFA. The Senior Management
shall be responsible for implementation of a robust Framework for EWS and
RFA within the bank.

3.1.3 The EWS indicators identified for monitoring credit facilities / loan
accounts and other banking transactions shall be approved by the RMCB.
Appropriate Turnaround Time (TAT), preferably not more than 30 days, for
examination of EWS alerts / triggers shall be prescribed by the RMCB.

3.1.4 RMCB shall review the status of red flagged accounts, including the EWS
alerts / triggers, remedial actions initiated by the bank, etc. at periodic intervals
as approved by the Board.

9 i.e. prevention, early detection, investigation, staff accountability, monitoring, recovery, analysis and
reporting of frauds, etc. and other related aspects under the Board approved Policy.
5
 3.1.5 The EWS / RFA framework shall be subject to suitable validation in
accordance with the directions of RMCB so as to ensure its integrity, robustness
and consistency of the outcomes.

3.2 The EWS / RFA Framework shall provide for, among others:
(i) A system of robust EWS which is integrated with Core Banking Solution
(CBS) or other operational systems; (ii) Initiation of remedial action on alerts /
triggers from EWS System in a timely manner; (iii) Periodic review of credit
sanction and monitoring processes, internal controls and systems; and (iv)
Effective use of Central Repository of Information on Large Credits (CRILC)
database and the Central Fraud Registry (CFR) 10.

3.3 EWS / RFA Framework for Credit Facilities / Loan Accounts

3.3.1 Development of EWS System: The EWS system shall be comprehensive
and designed to include both the quantitative and qualitative indicators to make
the framework robust and effective. The broad indicators which the EWS
system may illustratively capture could be based on the transactional data of
accounts, financial performance of borrowers, market intelligence, conduct of
the borrowers, etc.

3.3.2 Data Analytics and Market Intelligence (MI) Unit: Banks shall set up a
dedicated Data Analytics and MI Unit keeping in view their size, complexity,
business mix, risk profile, etc. Such Unit shall facilitate collection and
processing of relevant information to enable an early detection and prevention
of potentially fraudulent activities.

3.3.3 Generation of EWS alert(s) / trigger(s) shall necessitate examination

whether the account needs to be red flagged and consequently, investigation
from potential fraud angle.

3.3.4 An account meeting the CRILC reporting threshold 11 by the reporting

entity, once red flagged, shall be reported to the Reserve Bank within seven
days of being red flagged.

10CRILC and CFR not applicable to RRBs.

11Aggregate fund-based and non-fund-based exposure of ₹3 crore and above for reporting red-flagged
accounts / frauds.

6
3.4 EWS Framework for other banking / non-credit related transactions 12
3.4.1 Banks shall develop / strengthen their EWS system by identifying suitable
indicators and parameterising them in their EWS system for monitoring other
banking / non-credit related transactions. Banks shall strive to continuously
upgrade the EWS system for enhancing its integrity and robustness, monitor
other banking / non-credit related transactions efficiently and prevent fraudulent
activities through the banking channel. Further, the effectiveness of EWS
system shall be tested periodically.

3.4.2 The design and specification of EWS system shall be robust and resilient
to ensure that integrity of system is maintained, personal and financial data of
customers are secure and transaction monitoring for prevention / detection of
potential fraud is on real-time basis 13. Banks shall remain vigilant in monitoring
transactions / unusual activities, specifically in the non-KYC compliant and
money mule accounts etc., to contain unauthorised / fraudulent transactions
and to prevent misuse of banking channel.

3.4.3 The Data Analytics & MI Unit or other dedicated analytics set up in banks
shall extensively monitor and analyse other banking / non-credit related
transactions, more specifically the transactions through digital platforms and
applications, in order to identify unusual patterns and activities which could alert
the bank timely in initiating appropriate measures towards prevention of
fraudulent activities.

3.5 Banks shall put in place / suitably upgrade their existing EWS system within six
months from the date of issuance of these Directions.

CHAPTER IV

4. Credit facility / Loan account classified as Red-flagged Account and

Reporting of Fraud
4.1 In case of a credit facility / loan account classified as red-flagged account, banks
shall use an external audit 14 or an internal audit as per their Board approved Policy,
for further investigation in such accounts.

12 i.e., other than those transactions covered under Para 3.3.

13 or with a minimum time lag without compromising the effectiveness of the outcome of EWS system
in prevention / detection of potential frauds.
14 Auditors who are qualified to conduct audit under relevant statutes.

7
 4.1.1 Banks shall frame a policy on engagement of external auditors covering
aspects such as due diligence, competency and track record of the auditors,
among others. Further, the contractual agreement with the auditors shall, inter
alia, contain suitable clauses on timeline for completion of the audit and
submission of audit report to the bank within a specified time limit, as approved
by the Board.
4.1.2 The loan agreement with the borrower shall contain clauses for conduct
of such audit at the behest of lender(s) consequent upon red flagging of the
account. In cases where the audit report submitted remains inconclusive or is
delayed due to non-cooperation by the borrower, banks shall conclude on
status of the account as a fraud or otherwise based on the material available
on their record and their own internal investigation / assessment in such
cases 15.
4.1.3 The decision to classify any account, either standard or NPA, as a red-
flagged account shall be at the individual bank level and such bank(s) shall
report the status of the account on the Reserve Bank’s CRILC platform 16
immediately (not later than seven days from date of classification as red-flagged
account).
4.1.4 The bank (in case of sole lending) or the individual banks (in case of
multiple banking arrangement or consortium lending) shall ensure that the
principles of natural justice 17 are strictly adhered to before classifying / declaring
an account as fraud.
4.1.5 Once an account has been red-flagged, the entire process of classification
of the account as fraud or removal of red-flagged status shall ordinarily be
completed within 180 days from the date of first reporting of the account as red-
flagged on the CRILC platform. Cases remaining in red-flagged status beyond

15 Banks shall ensure that principles of natural justice are strictly adhered to before classifying /
declaring an account as fraud (Please refer to Para 2.1.1 ibid).
16 Central Repository of Information on Large Credits (Circular ref No. RBI/2013-14/601

DBS.OSMOS.No.14703/33.01.001/2013-14, dated May 22, 2014).

17 Please refer to the judgement of the Hon’ble Supreme Court dated March 27, 2023 on Civil Appeal

No.7300 of 2022 in the matter of State Bank of India & Ors Vs. Rajesh Agarwal & Ors. and connected
matters, read with the Order dated May 12, 2023 passed by the Hon’ble Supreme Court in Misc.
Application. No.810 of 2023, specifically in relation to serving a notice, giving an opportunity to submit
a representation before classifying Persons / Entities as fraud and passing a reasoned order. The
orders of the Hon’ble High Court of Bombay dated August 7, 2023 in Writ Petition (L) No. 20751 of 2023
and the Hon’ble High Court of Gujarat dated August 31, 2023 in Special Civil Application No. 12000 of
2021 and connected matters shall be referred to (Please refer to Para 2.1.1 ibid).

8
 180 days shall be reported to the SCBMF for review with adequate reasoning /
justification thereof. Such cases shall also be subject to supervisory review by
the Reserve Bank.
4.1.6 In case an account is identified as a fraud by any bank, the borrowal
accounts of other group companies18, in which one or more promoter(s) /
whole-time director(s) are common, shall also be subjected to examination by
banks concerned from fraud angle under these Directions.
4.1.7 In cases where Law Enforcement Agencies (LEAs) have suo moto
initiated investigation involving a borrower account, bank/s shall immediately
red-flag the account and follow the usual process for classification of account
as fraud and complete the same within the stipulated period as specified at
Para 4.1.5 above.

4.2 Independent confirmation from the third-party service providers including

professionals
4.2.1 Banks place reliance on various third-party service providers as part of
pre-sanction appraisal and post-sanction monitoring. Therefore, banks may
incorporate necessary terms and conditions in their agreements with third-party
service providers to hold them accountable in situations where wilful negligence
/ malpractice by them is found to be a causative factor for fraud.

4.2.2 Banks shall, after complying with the principles of natural justice, report
to Indian Banks’ Association (IBA) the details of such third parties or
professionals involved in frauds. IBA would, in turn, prepare caution lists of such
third parties for circulation among the banks.

4.3 Staff Accountability

4.3.1 Banks shall initiate and complete the examination of staff accountability
in all fraud cases in a time-bound manner in accordance with their internal
policy.
4.3.2. PSBs and AIFIs shall conduct examination of staff accountability as per
the guidelines issued by the Central Vigilance Commission (CVC). In terms of

18 Please refer to the Large Exposure Framework issued vide Circular Ref.DBR.No.BP.BC.43/
21.01.003/2018-19 dated Jun 03, 2019 as amended from time to time and Master Circular - Exposure
Norms for Financial Institutions issued vide Circular Ref.DBR.FID.FIC.No.4/01.02.00/2015-16 dated
July 01, 2015 as amended from time to time, as applicable.

9
 CVC Order, PSBs and AIFIs shall also refer all fraud cases of amount involving
₹3 crore and above for examining the role of all levels of officials / whole-time
directors (including ex-officials / ex-WTDs) to the Advisory Board for Banking
and Financial Frauds (ABBFF) 19 constituted by the CVC.

4.3.3 In cases involving very senior executives of the bank (MD & CEO /
Executive Director / Executives of equivalent rank)20, the ACB shall initiate
examination of their accountability and place it before the Board. However, in
case of PSBs and AIFIs, such cases shall also be referred to the ABBFF.

4.4 Penal Measures

4.4.1 Persons / Entities classified and reported as fraud by banks and also
Entities and Persons associated 21 with such Entities, shall be debarred from
raising of funds and / or seeking additional credit facilities from financial entities
regulated by RBI, for a period of five years from the date of full repayment of
the defrauded amount / settlement amount agreed upon in case of a
compromise settlement.
4.4.2 Lending to such Persons / Entities, being commercial decisions, the
lending banks shall have the sole discretion to entertain or decline such
requests for credit facilities after the expiry of the mandatory cooling period as
mentioned at Para 4.4.1 above.

4.5 Treatment of accounts under Resolution

4.5.1 In case an entity classified as fraud has subsequently undergone a
resolution either under IBC or under the resolution framework of RBI 22 resulting
in a change in the management and control of the entity / business enterprise,
the bank shall examine whether the entity shall continue to remain classified as
fraud or the classification as fraud could be removed after implementation of

19 Please refer to the Vigilance Manual issued by Central Vigilance Commission (CVC), CVC Office

Order No. 02/01/22 dated January 06, 2022 and CVC Office Order No. 10/03/22 dated March 14, 2022
updated from time to time.
20 Such executive shall not participate in the meeting of the Board / ACB / SCBMF in which their

accountability is to be considered.
21 (a) if it is an entity, another entity will be deemed to be associated with it, if that entity is (i) a subsidiary

company as defined under clause 2 (87) of the Companies Act, 2013 or (ii) falls within the definition of
a ‘joint venture’ or an ‘associate company’ under clause (6) of section 2 of the Companies Act, 2013.
(b) in case of a natural person, all entities in which she / he is associated as promoter, or director, or as
one in charge and responsible for the management of the affairs of the entity shall be deemed to be
associated.
22 Prudential Framework for Resolution of Stressed Assets dated June 7, 2019 (as amended from time

to time) issued by the RBI.

10
 the Resolution Plan under IBC or aforesaid prudential framework. This would,
however, be without prejudice to the continuance of criminal action against
erstwhile promoter(s) / director(s) / person(s) who were in charge and
responsible for the management of the affairs of the entity / business enterprise.

4.5.2 The penal measures as detailed in Para 4.4 shall not be applicable to
entities / business enterprises after implementation of the Resolution Plan
under IBC or aforesaid prudential framework.

4.5.3 The penal measures detailed in Para 4.4 shall continue to apply to the
erstwhile promoter(s) / director(s) / persons who were in charge and
responsible for the management of the affairs of the entity / business enterprise.

CHAPTER V

5. Reporting of Frauds to Law Enforcement Agencies (LEAs) 23

5.1 Banks shall immediately report the incidents of fraud to LEAs, subject to applicable
laws, as indicated below 24:

Category of Amount involved LEA to whom complaint Remarks

bank in the fraud should be lodged
Private Sector / Below ₹1 crore State / Union Territory (UT)
Foreign Banks Police
₹1 crore and above In addition to State/UT Details of fraud
Police, Serious Fraud are to be reported
Investigation Office (SFIO), to SFIO in Fraud
Ministry of Corporate Affairs, Monitoring Return
Government of India (FMR) format.
Public Sector (a) Below ₹6 State / UT Police
Banks / Regional crore 25

Rural Banks (b) ₹6 crore and Central Bureau of

above Investigation (CBI)

23 As the thresholds for reporting to Law Enforcement Agencies (LEAs) vary across the States / UTs,

these reporting requirements have been prescribed after due consultation with Central Vigilance
Commission, Department of Financial Services, Government of India and select LEAs.
24 In case of consortium lending, each of the consortium member may file separate complaints, if

separate offences have been committed in respect of each of them and if the fraud so committed is not
part of the same fraudulent act / transaction. In other cases of such lending, only one member may file
a complaint and all the other members may extend necessary support to the said member and the LEAs
in investigation of the fraud, including by way of providing all necessary information, documents etc.
Banks may take a decision in this regard depending on the facts and circumstances that may be relevant
in a given case and the applicable laws.
25 In the year 2004, PSBs were advised to report cases involving ₹1 crore and above to CBI.

Subsequently, in 2012, the reporting threshold was increased to ₹3 crore and above. Since the inflation
indexed value of ₹3 crore has become ₹5.6 crore in 2022-23, the reporting threshold has been
increased to ₹6 crore.

11
5.2 Banks shall establish suitable nodal point(s) / designate officer(s) for reporting
incidents of fraud to LEAs and for proper coordination to meet the requirements of the
LEAs.

CHAPTER VI 26

6.1 Reporting of Incidents of Fraud to Reserve Bank of India (RBI)

To ensure uniformity and consistency while reporting incidents of fraud to RBI through
Fraud Monitoring Returns (FMRs) using online portal, banks shall choose the most
appropriate category from any one of the following:

(i) Misappropriation of funds and criminal breach of trust;

(ii) Fraudulent encashment through forged instruments;
(iii) Manipulation of books of accounts or through fictitious accounts, and
conversion of property;
(iv) Cheating by concealment of facts with the intention to deceive any person
and cheating by impersonation;
(v) Forgery with the intention to commit fraud by making any false
documents/electronic records;
(vi) Wilful falsification, destruction, alteration, mutilations of any book,
electronic record, paper, writing, valuable security or account with intent
to defraud;
(vii) Fraudulent credit facilities extended for illegal gratification;
(viii) Cash shortages on account of frauds;
(ix) Fraudulent transactions involving foreign exchange;
(x) Fraudulent electronic banking / digital payment related transactions
committed on banks; and
(xi) Other type of fraudulent activity not covered under any of the above.

6.2 Central Fraud Registry (CFR) 27

6.2.1 Banks shall put in place systems and procedures to ensure that the
information available in Central Fraud Registry (CFR) is used for credit risk and
fraud risk management effectively.

26 The reporting requirements prescribed under Chapter VI are not applicable to RRBs. They shall report
incidents of fraud to NABARD in the manner and in Returns / Formats as prescribed by NABARD.
27 Central Fraud Registry (CFR) is a web-based searchable database maintained by RBI. Fraud related

data, including the updates thereof, directly flow to CFR from online reporting by banks through Fraud
Monitoring Returns (FMRs).

12
 6.2.2 Banks are required to report payment system related disputed / suspected
or attempted fraudulent transactions to Central Payments Fraud Information
Registry (CPFIR) 28, maintained by RBI. However, such transactions, if
subsequently concluded as fraud committed on bank(s), shall invariably be
reported through FMR so as to be reflected in CFR.

6.3 Modalities of Reporting Incidents of Fraud to RBI

6.3.1 Banks shall furnish FMR 29 in individual fraud cases, irrespective of the
amount involved, immediately, but not later than 14 days from the date of
classification 30 of an incident / account as fraud.

6.3.2 Incidents of fraud at overseas branches of Indian banks shall also be

reported to the concerned overseas LEAs in accordance with the relevant laws
/ regulations of the host countries.

6.3.3 Banks shall also report frauds perpetrated in their group entities 31 to RBI
separately 32, if such entities are not regulated / supervised by any financial
sector regulatory / supervisory authority. However, in case of overseas banking
group entity of Indian banks, the parent bank shall also report incidents of fraud
to RBI. The group entities will have to comply with the principles of natural
justice before declaration of fraud 33.

6.3.4 Banks shall adhere to the timeframe prescribed in these Master Directions
for reporting of fraud cases to RBI 34. Banks shall examine and fix staff
accountability for delays in identification of fraud cases and in reporting to RBI.

6.3.5 While reporting frauds, banks shall ensure that persons / entities who /
which are not involved / associated with the fraud are not reported in the FMR.

6.3.6 Banks may, under exceptional circumstances, withdraw FMR / remove

name(s) of perpetrator(s) from FMR. Such withdrawal / removal shall, however,

28 As required in terms of Circular Ref.CO.DPSS.OVRST.No.S1619/06-08-005/2022-23 dated

December 26, 2022.
29 Updates to the FMR shall be provided through FMR Update Application (FUA).
30 As defined under Para 8.4.3.
31 Group entities mean both the domestic and overseas subsidiaries, affiliates, joint ventures etc. as

defined under applicable accounting standards, whether engaged in financial or non-financial services.
32 However, the FMR shall be furnished through e-mail ([email protected]) only.
33 Please refer to Para 2.1.1.
34 Delay in reporting of frauds, and the consequent delay in alerting other banks and dissemination of

information through CFR could result in similar frauds being perpetrated elsewhere.
13
 be made with due justification and with the approval of an official at least in the
rank of a whole-time director.

6.4 Closure of Fraud Cases Reported to RBI

6.4.1 Banks shall close fraud cases using ‘Closure Module’ where the actions
as stated below are complete:

(i) The fraud cases pending with LEAs / Court are disposed off; and

(ii) The examination of staff accountability has been completed.

6.4.2 Banks are allowed, for limited statistical / reporting purposes, to close
those reported fraud cases involving amount up to ₹1 crore 35, where
examination of staff accountability and disciplinary action, if any, have been
taken and:
(i) The investigation is going on or charge-sheet has not been filed in the
Court by LEA for more than three years from the date of registration of
First Information Report (FIR); or
(ii) The charge-sheet is filed by the LEAs in trial court and the trial in the
court has not commenced or is pending before the court for more than
three years from the date of registration of FIR.
6.4.3 In all closure cases of reported frauds, banks shall maintain details of
such cases for examination by auditors.

CHAPTER VII

7. Cheque Related Frauds - Reporting to LEAs and RBI / NABARD 36

7.1 To ensure uniformity and avoid duplication, reporting of frauds involving forged
instruments, including fake / forged instruments sent in clearing in respect of truncated
instruments, shall continue to be done by the paying banker and not by the presenting
banker. In such cases the presenting bank shall immediately handover the underlying
instrument to the drawee / paying bank, as and when demanded, to enable them to
inform LEAs for investigation and further action under law and to report the fraud to
RBI.
7.2 However, in the case of presentment of an instrument which is genuine but
payment has been made to a person who is not the true owner; or where the amount

35 Previously, banks were allowed to close frauds with amount involving up to ₹25 lakh, for limited
statistical / reporting purposes.
36 Reporting to NABARD by RRBs.

14
has been credited before realisation and subsequently the instrument is found to be
fake / forged and returned by the paying bank, the presenting bank which is defrauded
or is put to loss by paying the amount before realisation of the instrument shall file the
fraud report with the RBI and inform the LEAs for investigation and further action under
law.
CHAPTER VIII
8. Other Instructions
8.1 Legal Audit of Title Documents in respect of Large Value Loan Accounts
Banks shall subject the title deeds and other related title documents in respect of all
credit facilities of ₹5 crore and above to periodic legal audit and re-verification, till the
loan is fully repaid. The scope and periodicity of legal audit shall be in accordance with
the Board approved policy referred to in clause 2.1.1 above. Specific to Small Finance
Banks, Local Area Banks and Regional Rural Banks, the threshold amount for periodic
legal audit of title deeds and other related title documents shall continue to be ₹1 crore.

8.2 Treatment of Accounts classified as Fraud and sold to other Lenders / Asset
Reconstruction Companies (ARCs) 37
Banks shall complete the investigation from fraud angle before transferring the loan
account / credit facility to other lenders / ARCs. In cases where banks conclude that a
fraud has been perpetrated in the account, they shall report it to RBI / NABARD 38
before selling the accounts to other lenders / ARCs 39.

8.3 Role of Auditors

8.3.1 During the course of the audit, auditors may come across instances where
the transactions in the account or the documents point to the possibility of
fraudulent transactions in the account. In such a situation, the auditor should
immediately bring it to the notice of the senior management and if necessary, to
the Audit Committee of the Board (ACB) of the bank for appropriate action.

8.3.2 Internal Audit in banks shall cover controls and processes involved in
prevention, detection, classification, monitoring, reporting, closure and

37 Reference is invited to Master Direction – Reserve Bank of India (Transfer of Loan Exposures)

Directions, 2021 (ref:DOR.STR.REC.51/21.04.048/2021-22 dated September 24, 2021) as updated

from time to time.
38 RRBs shall report to NABARD.
39 In cases where accounts are sold to ARCs, banks shall continue to report subsequent developments

in such accounts to RBI / NABARD, by obtaining requisite information periodically from the concerned
ARCs.

15
 withdrawal of fraud cases, and also weaknesses observed in the critical
processes in the fraud risk management framework of the bank 40.

8.4 ‘Date of Occurrence’, ‘Date of Detection’ and ‘Date of Classification’ of Fraud

- for the purpose of reporting under FMR

8.4.1 The ‘date of occurrence’ is the date when the actual misappropriation of
funds has started taking place, or the event occurred, as evidenced / reported
in the audit or other findings.

8.4.2 The ‘date of detection’ to be reported in FMR is the actual date when the
fraud came to light in the concerned branch / audit / department, as the case
may be, and not the date of approval by the competent authority of the bank.

8.4.3 The ‘date of classification’ is the date when due approval from the
competent authority has been obtained for such classification, and the
reasoned order is passed.
CHAPTER IX 41
9. Reporting Cases of Theft, Burglary, Dacoity and Robbery
9.1 Banks shall report 42 instances of theft, burglary, dacoity and robbery (including
attempted cases), to Fraud Monitoring Group (FMG), Department of Supervision,
Central Office, Reserve Bank of India, immediately (not later than seven days) from
their occurrence.

9.2 Banks shall also submit a quarterly Return (RBR) on theft, burglary, dacoity and
robbery to RBI using online portal, covering all such cases during the quarter. This
shall be submitted within 15 days from the end of the quarter to which it relates.

CHAPTER X
10. Repeal
With the issue of these Directions, instructions / guidelines contained in the Circulars
issued by the Reserve Bank of India listed in Appendix stand repealed, as the
contents of the same have been incorporated in the Master Directions. All the

40 Including delay in reporting, non-reporting, conduct of staff accountability examination, prudential

provisioning, etc.
41 The reporting requirements prescribed under Chapter IX are not applicable to RRBs. They shall report

cases of theft, burglary, dacoity and robbery to NABARD in the manner and in Returns / Formats as
prescribed by NABARD. .
42 In the prescribed format ‘Report on Bank Robbery, Theft, etc. (RBR) through e-mail

([email protected]).
The format is available on RBI website (https://www.rbi.org.in/scripts/BS_Listofallreturns.aspx).
16
instructions / guidelines contained in these Circulars shall be deemed as given under
these Directions.
*****

17
 Appendix

List of Circulars Repealed

S. Circular
Circular No. Subject
No. Date
1. DOS.CO.FMG.NO. 13-01-2023 Reporting of digital payment related
S332/23.04.001/2022-23 frauds to RBI through FMR
2. DOS.CO.FMG.NO. 17-06-2022 Advisory on inclusion/adding name(s) of
S101/23.04.001/2022-23 non-whole time Director(s) of a company
in the FMR/CRILC
3. DOS.CO.FMG.No.45534/23. 11-05-2021 Conduct of Forensic Audit for
14.027/2021-22 investigation of accounts from fraud
angle
4. DBS.CO.CFMC 01-10-2019 Deployment of Closure Module for FMRs
No.2030/23.10.002/2019-20 in XBRL Platform
5. DBS.CO.CFMC.No. 04-06-2018 Fraud Reporting-Migration of FRMS to
/23.10.002/2017-18 XBRL based system - FUA (FMR Update
Application) - Revised
6. DBS.CO.CFMC.No. 09-01-2018 Fraud Reporting-Migration of FRMS to
6453/23.10.002/2017-18 XBRL based system - Going Live- FUA
(FMR Update Application)
7. DBS.CO.CFMC.BC.No. 07-07-2017 Fraud Reporting-Migration of FRMS to
3/23.10.002/2017-18 XBRL based system - Going Live- FMR4
and VMRs
8. DBS.CO.CFMC.NO. 28-03-2017 Fraud Reporting – Migration of FRMS to
7516/23.10.002/2016-17 XBRL based system – Going Live
9. DBS.CO.CFMC.No. 11-01-2016 Introduction of Central Fraud Registry
7876/23.04.001/2015-16 (CFR) and migration to the XBRL based
reporting of frauds
10. DBS.CO.FrMC.BC.No.7/23.0 16-09-2009 Fraud Risk Management System in
4.001/2009-10 Banks - Role of Chairmen / Chief
Executive Officers
11. DBS.CO.FrMC.BC.No.8/23.0 24-06-2009 Frauds in Borrowal Accounts having
4.001/2008-09 Multiple Banking Arrangements
12. DBS.CO.FrMC 24-06-2009 Submission of quarterly return on frauds
15976/23.02.013/2008-09 through FRMS Application
13. DBS.CO.FrMC.BC.No.3/23.0 16-03-2009 Circulation of the Names of Third Parties
8.001/2008-09 involved in Frauds
14. DBS.CO.FrMC 31-07-2008 Nodal Officers for fraud reporting -
1470/23.04.001/08-09 particulars
15. DBS.FGV(F)No.8897/23.10. 20-12-2005 Frauds Reporting and Monitoring
001/2005-2006 System (FRMS)
16. DBS.FrMC.BC.No.18/23.04. 11-02-2005 Fraud Cases Pending Investigation by
011/2004-05 CBI - Request for Early Final Disposal
17. DBS.FGV(F).No.1004/23.04. 14-01-2004 Monitoring of Large Value Frauds by the
01A/2003-04 Board of Directors

18
S. Circular
Circular No. Subject
No. Date
18. DBS.FGV(F).No.1836/23.04. 04-06-2003 Frauds Reporting and Monitoring
001/2002-2003 System (FRMS)
19. DBS.FGV.No.258/23.04.001/ 26-08-2000 Reporting of Frauds by Banks
2000-01
20. DBS.No.FGV.BC.46/23.04.0 28-01-1999 Submission of Quarterly/Half-Yearly
01/98-99 Statements on Frauds, etc.
21. DBS.No.FGV.BC.34/23.04.0 26-09-1998 Frauds in Banks - Filing of Complaints
01/98-99 with Investigating Agencies
22. DBS.FGV/487/23.04.001/97- 23-06-1998 Reporting of Frauds
98
23. DBS.FGV/486/23.04.001/97- 23-06-1998 Frauds in Banks - Action against
98 Delinquent Staff
24. DBS.FGV.BC.15/23.04.001/9 05-05-1998 Frauds in Banks - Reporting to RBI
7-98
25. DBS.FGV.460/23.04.001/97- 03-11-1997 Reporting of frauds
98
26. DOS.FGV.BC.25/23.04.001/ 30-12-1996 Reporting of Frauds by Banks
96
27. DOS.No.317/23.11.001/96 09-09-1996 Frauds in banks - Compendium of
Instructions
28. DOS.No.FGV.BC.17/23.04.0 09-09-1996 Reporting of Frauds
01/96-97
29. DOS.No.FGV.BC.13/23.01.0 12-06-1996 Annual Review of Frauds
01/96
30. DOS.No.BC.FGV.10/23.04.0 06-05-1996 Reporting on Frauds in Banks
01/96

19