🚨 Loan Fraud Management
RBI - Fraud Risk Management in Commercial Banks and AIFIs Directions, 2026. This includes Classification procedures, SCBMF composition, and fraud reporting.
Fraud Risk Management in Credit
RBI Framework — Introduction
The RBI's master direction on Fraud Risk Management is designed to ensure banks don't just react to frauds, but proactively build systems to stop them. The framework rests on four core pillars:
- Early Detection & Timely Action: The primary objective is to catch suspicious activity early and report it immediately so fraudsters can be brought to justice swiftly, minimizing financial loss.
- Staff Accountability: Banks must examine if the fraud occurred due to the negligence or collusion of bank staff. Holding staff accountable ensures employees remain vigilant during credit underwriting.
- Information Dissemination: When a fraud is detected, information about the fraudster and their methods must be rapidly shared across the banking ecosystem to prevent them from exploiting other banks.
- Preventive Measures: Banks are required to analyze reported frauds and implement strong internal controls to close loopholes and prevent similar incidents from happening again.
RBI (Fraud Risk Management in Commercial Banks and AIFIs) Directions, 2024
On July 15, 2024, the RBI issued comprehensive directions to strengthen fraud risk management in banks. These guidelines focus on early detection, timely reporting, and ensuring accountability.
🔐
Pro Content Locked
Upgrade to Pro to access this lesson and all other premium content.
Pro
Popular Save ₹100/mo
₹ 99 /mo
₹99 charged monthly · Cancel anytime
- All Agriculture & Banking Courses
- AI Lesson Questions (100/day)
- AI Doubt Solver (50/day)
- Glows & Grows Feedback (30/day)
- AI Section Quiz (20/day)
- 22-Language Translation (100/day)
- Recall Questions (20/day)
- AI Quiz (15/day)
- AI Quiz Paper Analysis (100/day)
- AI Step-by-Step Explanations (100/day)
- Spaced Repetition Recall (FSRS)
- AI Tutor
- Immersive Text Questions
- Audio Lessons — Hindi & English
- Mock Tests & Previous Year Papers
- Summary & Mind Maps
- XP, Levels, Leaderboard & Badges
- Generate New Classrooms
- Voice AI Teacher (AgriDots Live)
- AI Revision Assistant
- Knowledge Gap Analysis
- Interactive Revision (LangGraph)
🔒 Secure via Razorpay · Cancel anytime · No hidden fees
Fraud Risk Management in Credit
RBI Framework — Introduction
The RBI's master direction on Fraud Risk Management is designed to ensure banks don't just react to frauds, but proactively build systems to stop them. The framework rests on four core pillars:
- Early Detection & Timely Action: The primary objective is to catch suspicious activity early and report it immediately so fraudsters can be brought to justice swiftly, minimizing financial loss.
- Staff Accountability: Banks must examine if the fraud occurred due to the negligence or collusion of bank staff. Holding staff accountable ensures employees remain vigilant during credit underwriting.
- Information Dissemination: When a fraud is detected, information about the fraudster and their methods must be rapidly shared across the banking ecosystem to prevent them from exploiting other banks.
- Preventive Measures: Banks are required to analyze reported frauds and implement strong internal controls to close loopholes and prevent similar incidents from happening again.
RBI (Fraud Risk Management in Commercial Banks and AIFIs) Directions, 2024
On July 15, 2024, the RBI issued comprehensive directions to strengthen fraud risk management in banks. These guidelines focus on early detection, timely reporting, and ensuring accountability.
Special Committee of the Board for Monitoring and Follow-up (SCBMF)
Banks are required to constitute a Special Committee to oversee fraud risk management. This committee ensures that fraud classification is not done by a single officer but by a high-level board group.
Composition
- Minimum Members: Three members of the Board.
- Mandatory Structure:
- One Whole-time Director.
- Minimum Two Independent Directors / Non-Executive Directors.
- Chairperson: The Committee shall be headed by one of the Independent Directors / Non-Executive Directors.
Tasks of SCBMF
- now Oversee the effectiveness of the fraud risk management framework.
- Review and Monitor cases of frauds.
- Suggest mitigating measures.
Role of Risk Management Committee of the Board (RMCB)
- RMCB approves indicators used for ongoing monitoring of loan accounts and other banking transactions.
- RMCB defines turnaround timelines for examination of Early Warning Signal (EWS) alerts (preferably within 30 days).
- RMCB periodically reviews status of red-flagged accounts, EWS trigger quality, and remedial action closure.
Early Warning Signals (EWS)
- Earlier, many fraud losses became large because banks acted only after default crystallized.
- RBI's shift is from post-facto reaction to proactive detection through continuous EWS monitoring.
- EWS is not a yearly compliance formality; it is part of daily credit monitoring and officer accountability.
Data Analytics and Market Intelligence (MI) Unit
- Banks must set up a dedicated Data Analytics and Market Intelligence (MI) Unit.
- Purpose: To facilitate collection and processing of relevant information for early detection and prevention of potentially fraudulent activities (i.e., instead of waiting for a default, banks must use data like GST returns, market news, and stock prices to catch signals early).
List of Early Warning Signals (EWS)
Financial & Payment Indicators:
- Default in payment to statutory bodies
- Bouncing of high-value cheques
- Long outstanding foreign bills
- Delayed payment of dues
- Funds from other banks to clear loans
- Interest funded by additional facilities
- Heavy cash withdrawal from loan accounts
- High-value RTGS payments to unrelated parties
Operational & Trade Indicators:
- Project scope changes by the borrower
- Frequent invocation of BGs and LCs
- Inventory under or over-insurance
- Incomplete invoices lacking details
- Concealment of import leg in merchanting trade
- Godown inspection postponement requests
- LCs issued for local trade without underlying transactions
- Sales proceeds not routed through consortium members
- Non-production of bills for verification
Collateral & Documentation Indicators:
- Dispute over collateral title
- Charging exclusive collateral to multiple lenders
- Concealment of vital documents
- Unreported liabilities from ROC search reports
Corporate & Financial Statement Indicators:
- Establishment of front/associate companies with borrowed funds
- Critical issues highlighted in stock audit reports
- Requests for general purpose loans
- Ad hoc sanctions
- Significant inventory and receivables movements disproportionate to turnover
- Disproportionate change in other current assets
- Increase in working capital borrowing as percentage of turnover
- Increase in Fixed Assets without corresponding long-term sources
- Increase in borrowings despite significant cash equivalents
- Frequent changes in accounting period/policies
- Project costing variance from standard cost
- Unacknowledged claims as debt
- Substantial increase in unbilled revenue
- Large transactions with interconnected companies
Governance & Disclosure Indicators:
- Substantial related party transactions
- Material discrepancies in annual reports
- Inconsistencies within annual reports
- Poor disclosure of adverse information
- Raids by tax officials
- Significant changes in promoter/director stake or encumbered shares
- Resignation of key personnel and management changes
Red Flagging of Accounts (RFA)
- RBI defines a Red Flagged Account (RFA) as one with suspicious activity indicated by Early Warning Signals (EWS).
- Banks must promptly investigate accounts with EWS to determine fraud potential.
- Fraud Management Group (FMG) decides on RFA classification within a month of noticing EWS.
- Investigations on RFAs should be completed within six months, with external auditors or internal teams.
- FMG reports RFA status to the Special Committee of the Board for monitoring.
Consortium Banks & RFA
- Consortium banks conduct due diligence independently and share concerns immediately.
- Due diligence includes understanding borrower business, assessing risks, and developing SOPs.
- Banks report RFA/Fraud status to RBI and CBI/Police within specific timelines.
- The bank that first identifies suspicion must request a consortium meeting within 15 days.
- If consortium lenders disagree on fraud suspicion, majority view is used so independent forensic audit can start without delay (this prevents a few dissenting banks, who might be trying to hide their own poor underwriting, from stalling the investigation).
- Consortium banks share costs and provide support for investigations.
Reporting RFA to RBI
- Red Flagged Account (RFA) Threshold: An account meeting the Central Repository of Information on Large Credits (CRILC) reporting threshold (exposure of Rs. 50 crore).
- Timeline: Once red-flagged, it shall be reported to CRILC within seven days.
Forensic Audit & Investigation
- Forensic audits uncover wrong practices and malfeasance to determine if fraud occurred.
- They examine financial statements/information for use as evidence in court.
- Proper documentation is crucial for substantiating findings.
- Forensic audits may be assigned for suspected frauds, substantial fund diversion, or security alienation.
- They cover various aspects of the audited unit's functioning.
- Instances requiring forensic audits include red-flagged accounts, declared frauds, or adverse public domain information.
- Findings influence actions like credit restructuring, management changes, or criminal proceedings.
- Banks must specify audit objectives and scope clearly when assigning forensic audits.
- The Indian Banks' Association (IBA) has a system for empanelling forensic auditors.
- Audits should be completed within three months of assignment, and decisions on account status must be made within 15 days of completion.
Timeline to Classify as Fraud
- Once an account is reported as a Red Flagged Account (RFA) to CRILC, the entire process of classification (either confirming as fraud or removal of red-flagged status) shall ordinarily be completed within 180 days.
Why 180 days? This 6-month window is provided to allow the bank to conduct a detailed Forensic Audit. The audit report helps confirm if the suspicious transactions were indeed fraudulent.
Minimum Procedure for Declaring / Classifying as Fraud
To ensure the Principles of Natural Justice are followed, banks must adhere to the following procedure before classifying an account as fraud:
Principles of Natural Justice The Supreme Court ruled that a borrower cannot be branded a "Fraud" without a hearing. "Natural Justice" simply means:
- Notice: You must tell the person what they are accused of.
- Hearing: You must give them a chance to explain their side.
- Reasoned Order: You must explain why you rejected their explanation.
-
Issuance of Show Cause Notice (SCN):
- A detailed SCN must be issued to the Persons, Entities, and its Promoters / Whole-time and Executive Directors against whom the allegation of fraud is being examined.
- The SCN must provide complete details of transactions, actions, events, and the basis on which the declaration/reporting of fraud is being contemplated.
-
Reasonable Response Time:
- A reasonable time of not less than 21 days shall be provided to respond to the SCN.
-
Reasoned Order:
- A Reasoned Order must be served on the Persons/Entities conveying the bank's decision regarding the declaration/classification of the account as fraud, citing relevant facts.
-
Board Review:
- The Fraud Risk Management Policy shall be reviewed by the Board at least once in three years, or more frequently if needed.
Reporting of Frauds
Classification Basis and Reporting Channels
- Fraud classification is anchored in provisions of the Indian Penal Code (IPC).
- Reporting always has three parallel legs:
- Within the Bank
- To RBI
- To Law Enforcement (Police/CBI/SFIO as applicable)
1. Reporting within the Bank (Operational Ladder)
- All frauds of Rs. 1 lakh and above are promptly reported to the Board of Directors.
- Quarterly fraud review is placed before the Audit Committee of the Board (ACB).
- Fraud cases of Rs. 1 crore and above are monitored by the Special Committee of the Board for Monitoring and Follow-up of cases of Frauds (SCBMF).
- Annual fraud review is placed before the Board by 30th June.
2. Reporting to RBI
- Fraud reporting cannot be delayed for recovery optics or reputational reasons. RBI requires time-bound reporting so investigation starts early.
- Fraud Monitoring Return (FMR): Banks must furnish FMR (a detailed, structured report of the entire fraud case) for all individual fraud cases within 14 days from the date of classification.
- Flash Report (FR): Required for frauds over Rs. 5 crore, to be submitted within a week. (This is a quick, urgent alert sent to RBI so they can immediately warn other banks about a major fraudster before they strike again).
- All identified accounts must be reported to the Central Fraud Monitoring Cell (CFMC) of RBI. Monthly certification to CFMC-Bengaluru is used by banks to confirm timely reporting compliance.
- Attempted fraud is treated separately from completed fraud for regulatory reporting treatment.
RBI Returns, Forms, and Time Grid
- FMR-1: All frauds (irrespective of amount) within the timeline prescribed by RBI directions.
- FMR-2: Quarterly report on frauds outstanding.
- FMR-3: Quarterly report on fraud cases closed.
- FMR-4: Quarterly return for theft/dacoity/burglary cases.
3. Reporting to Law Enforcement Agencies (LEAs)
Depending on the amount of fraud and the type of bank (Private vs Public), the agency changes under the current RBI 2024 Directions.[1]
Exam Fodder: Whom to Report?
- SFIO comes into picture for ₹1 crore and above only for Private / Foreign Banks.[1]
- CBI comes into picture for ₹6 crore and above only for Public Sector Banks / RRBs.[1]
| Category of bank | Amount involved in fraud | LEA / agency to whom complaint should be lodged | Remarks |
|---|---|---|---|
| Private Sector / Foreign Banks | Below ₹1 crore | State / UT Police | Basic threshold under para 5.1 of the 2024 Directions.[1] |
| Private Sector / Foreign Banks | ₹1 crore and above | State / UT Police plus SFIO, Ministry of Corporate Affairs | Fraud details are to be reported to SFIO in FMR format.[1] |
| Public Sector Banks / Regional Rural Banks | Below ₹6 crore | State / UT Police | Applies under the revised 2024 LEA table.[1] |
| Public Sector Banks / Regional Rural Banks | ₹6 crore and above | CBI | Single current threshold for CBI reporting under the 2024 Directions.[1] |
- If fraud is confirmed, banks must lodge a complaint with CBI / Police within 30 days.
Incident-Specific Reporting Rules (Exam Favourite)
- Cash shortage > Rs. 10,000: treated as fraud and reportable.
- Cash shortage > Rs. 5,000: treated as fraud if not self-reported by cashier and detected by management.
- Theft/dacoity/burglary events are reportable with dedicated return tracking.
- For negotiable instrument fraud (like Cheque/Demand Draft frauds):
- If the fraud happens at the branch where the cheque is drawn, the paying branch reports it.
- If the fraud happens during the clearing process, the collecting branch reports it.
- Truncated instrument (CTS) fraud is additionally reported to designated RBI fraud monitoring channels.
Action, Containment & Accountability
Action on Related Accounts
- If one account is identified as fraud, accounts of other group companies where one or more promoters / whole-time directors are common shall also be subjected to examination from a fraud angle (this prevents "Diversion of Funds" where money is moved from a fraud account to a clean company by the same promoter).
Action where LEA Initiates Investigation
- If Law Enforcement Agencies (LEAs) (like CBI, ED, Police) have suo moto (on their own) initiated an investigation involving a borrower account:
- The bank shall immediately red-flag the account.
- The bank must follow the usual process for classification of the account as fraud.
Staff Accountability (Specific to PSBs and AIFIs)
Public Sector Banks (PSBs) and All India Financial Institutions (AIFIs) have additional requirements:
- Examination: They must conduct an examination of staff accountability as per the guidelines issued by the Central Vigilance Commission (CVC).
- Reference to Advisory Board (ABBFF):
- In terms of CVC Order, all fraud cases involving an amount of ₹3 Crore and above shall be referred to the Advisory Board for Banking and Financial Frauds (ABBFF).
- Scope: The ABBFF examines the role of all levels of officials and Whole-time Directors.
Provisioning for Fraud Accounts
- Once fraud is detected, banks must make 100% provision, but this can be phased over a maximum of 4 quarters from detection date.
Penal Measures
- Debarment:
- Persons/Entities classified as fraud and their associated entities shall be debarred from raising funds and/or seeking additional credit facilities from financial entities regulated by RBI.
- Period: For a period of five years from the date of full repayment of the defrauded amount or settlement amount agreed upon (this is essentially a "Financial Boycott" where no bank or NBFC will lend to them, effectively freezing their ability to do business).
Closure of Fraud Cases
Reported to RBI
Banks can close fraud cases if:
- Fraud cases pending with LEAs / Court are disposed off.
- Staff accountability has been completed.
Statistical Closure
For reported cases up to ₹1 crore, banks can close them for statistical purposes (meaning the RBI and the bank can close the file on their end to avoid cluttering their active reporting dashboards, but the criminal police/court case against the fraudster still continues) if:
- Staff accountability and disciplinary action have been taken.
- Investigation is going on or charge-sheet has not been filed in the Court by LEA for more than three years from the date of registration of FIR.
Statistical Closure (Legacy Threshold Note)
- Legacy references often mention statistical closure handling for lower-ticket fraud buckets after prolonged LEA/court pendency.
- In exam answers, clearly label older thresholds as legacy and write the currently applicable threshold/rule separately.
Summary Points
Exam Warning: 2016 Legacy vs 2024 Current Framework The 2024 RBI Master Directions completely superseded the older 2016 framework. Beware of outdated exam questions that ask about:
- Special Committee: The 2016 rule had a 5-member special committee. The 2024 rule emphasizes the SCBMF with a minimum of 3 members.
- CBI Reporting for PSBs: The 2016 rule used granular thresholds (below ₹3cr, ₹3-25cr, ₹25-50cr, above ₹50cr). The 2024 rule simplified this to: below ₹6 crore (State/UT Police) and ₹6 crore and above (CBI). Always answer according to the 2024 guidelines unless specifically asked about historical rules.
Fast Retention Grid (Numbers You Must Not Mix)
- 21 days: minimum response window for SCN.
- 30 days: preferred RMCB turnaround for EWS alert examination.
- 1 month: FMG decision window for RFA classification after EWS trigger.
- 180 days: outer timeline for RFA-to-fraud classification cycle.
- 14 days: baseline FMR reporting timeline from fraud classification.
- 1 week: Flash Report timeline for fraud > Rs. 5 crore.
References
2 sources • [1] [2]
References
[1]
Used for: Official RBI master directions. Chapter V, paragraph 5.1 contains the current table for reporting frauds to law enforcement agencies, including the ₹1 crore SFIO threshold for private/foreign banks and the ₹6 crore CBI threshold for PSBs/RRBs.
[2]
Used for: Older RBI directions retained here only as a legacy comparison source. Chapter VI shows the previous multi-band public-sector reporting structure that has since been superseded by the 2024 Directions.
| Revision Bucket | What you must retain |
|---|---|
| Core framework | Governing source: RBI (Fraud Risk Management in Commercial Banks and AIFIs) Directions, 15 July 2024. Theme of the chapter: detect early, investigate quickly, classify fairly, report on time, and enforce accountability. |
| Best study order | Use the chapter flow as: EWS → RFA → Forensic Audit → Natural Justice → Fraud Classification → RBI/LEA Reporting → Provisioning / Debarment / Staff Accountability. |
| Natural justice before fraud tag | Bank must follow SCN + hearing + reasoned order. Minimum borrower reply period: 21 days. This is a favourite exam differentiator from older one-sided fraud-tag practice. |
| SCBMF | Special Committee of the Board for Monitoring and Follow-up: minimum 3 board members, including 1 WTD and minimum 2 independent/non-executive directors; chaired by an independent/non-executive director. |
| RMCB role | RMCB approves EWS indicators and sets turnaround standards for alert examination, preferably within 30 days. |
| EWS meaning | Early Warning Signals are part of continuous credit monitoring, not an annual ritual. Indicators may be financial, operational, collateral-related, governance-related, or statement-related. |
| RFA meaning | Red Flagged Account = suspicion stage, not final fraud declaration. FMG should decide on RFA within 1 month of noticing EWS. |
| Consortium rule | Bank first noticing suspicion should call consortium meeting within 15 days. If lenders disagree, majority view can still move the case forward for forensic audit. |
| RFA timeline grid | Report RFA to RBI/CRILC within 7 days of red-flagging where threshold applies. Entire RFA-to-final classification cycle should ordinarily finish within 180 days. |
| Threshold to remember | CRILC-linked EWS/RFA threshold in this lesson: exposure of Rs. 50 crore. Below that, monitoring design is largely bank-driven. |
| Forensic audit | Used where diversion, malfeasance, or security alienation is suspected. Audit should normally finish within 3 months; decision on account status should be taken within 15 days after report receipt. |
| Fraud reporting to RBI | File FMR within 14 days from fraud classification. Flash Report is required for frauds above Rs. 5 crore, within 1 week. |
| Internal reporting ladder | Fraud of Rs. 1 lakh and above goes to the Board. Quarterly review goes to ACB. Larger cases are monitored through special board-level oversight. |
| CFMC / analytics | Identified frauds move to RBI’s monitoring channels including CFMC. Banks must also maintain a Data Analytics and Market Intelligence Unit for proactive fraud detection. |
| Law-enforcement reporting | Private/foreign banks: below Rs. 1 crore to State/UT Police; Rs. 1 crore+ also to SFIO. PSBs/RRBs: below Rs. 6 crore to State/UT Police; Rs. 6 crore+ to CBI. |
| PSB staff-accountability ladder | In PSBs/AIFIs, staff accountability follows CVC guidelines. Fraud cases of Rs. 3 crore and above are referred to ABBFF. |
| Provisioning / penalty | Fraud accounts require 100% provisioning, allowed to be spread over maximum 4 quarters from detection quarter. Fraud-tagged persons/entities face 5-year debarment from RBI-regulated funding after full repayment/settlement. |
| Related accounts rule | If one borrower account is fraud, other group entities with common promoters / WTDs must also be examined from a fraud angle. |
| Police / CBI routing | Private / foreign banks: below Rs. 1 crore to State / UT Police; Rs. 1 crore and above also to SFIO. PSBs / RRBs: below Rs. 6 crore to State / UT Police; Rs. 6 crore and above to CBI. |
| LEA already investigating | If Police/CBI/ED etc. have already initiated investigation, bank should immediately red-flag the account and continue fraud-classification procedure. |
| Case closure | Fraud closure for RBI purposes needs LEA/court disposal plus staff-accountability completion. Statistical closure may be allowed in certain long-pending small-ticket cases; write this carefully as a legacy / procedural note, not as the main fraud response. |
| What moved out | Wilful-defaulter doctrine, non-cooperative borrower treatment, FEO, and LOC are covered separately in the Wilful Defaulter lesson and should not be mixed into fraud-procedure answers. |
| Numbers to memorize | 21 days SCN reply, 30 days preferred EWS review, 1 month FMG RFA decision, 15 days consortium call, 7 days RFA reporting, 14 days FMR, 1 week Flash Report, 3 months forensic audit, 15 days post-audit decision, 180 days full classification cycle, 4 quarters provisioning, 5 years debarment. |
Lesson Doubts
Ask questions, get expert answers