INTRODUCTION
On 15th July, 2024, the Reserve Bank of India (“RBI”) issued three revised Master Direction on Fraud Risk Management for Commercial Banks and All India Financial Institutions(“AIFIs”)[1], Cooperative Banks[2], and Non-Banking Financial Companies including housing finance companies[3]. RBI’s revised rules on the Master Directions of Fraud Risk Management (“MD-FRM”) in Commercial Banks, Cooperative Banks, and in NBFCs (collectively referred to as “Regulated Entities”) assisted in solving the ever growing ambiguity of red-flagging of the accounts arbitrarily and marking them ‘Fraud’ on account of failing to meet its payment obligation, without exercising their elementary rights and/ or privileges of natural justice. Thus, based on this precept, this article attempts to understand the ambiguity with respect to which the MD-FRM operated for tagging an account as loan frauds, and how the new directions aim to alter the position in the realms of audi alteram partem. As the paper digresses it highlights the nature with which the direction used to operate and presents how in lieu of the new directions, the borrower is provided with the right of being heard by the lender banks before it classifies their account as frauds.
THE NEW MASTER DIRECTION
The three Master Directions have been made with the view to strengthen the existing framework of banks for the prevention, early detection and timely reporting of incidents of fraud, which inter alia included attempted frauds, cheque related frauds, loan frauds and with cases relating to theft, burglary, dacoity and bank robberies.[4] As per the previous direction[5], there was no express or implied provision mandating the issuance of notice to the concerned borrower with respect to their account flagged as fraud. However, now the same is added to the direction .
The directions were in lieu of the directives issued by the Supreme Court in the case of State Bank of India & Ors. vs. Rajesh Agarwal & Ors. [6] for the issuance of a time-bound mechanism before classifying a person or entity as fraud. Herein the court held that the classification of the borrower’s account as fraudulent would entail civil consequences to the borrowers, which further disentitles them with the right to raise finance for their business. Henceforth, the court concluded that it is reasonably practicable for the lender banks to provide an opportunity of a hearing to the borrowers before classifying their account as fraud.[7] Consequently, RBI issued the revised Master Directions, fostering for a strong governance[8] by setting up a Board-approved policy on risk management, a robust early warning system for the detection of fraud, a strong reporting framework, and provides for a strengthened regulatory framework and compliance.[9]
BACKGROUND
- Old Position of Fraud Risk Management over Commercial Banks, Cooperative Banks & NBFCs
The aspect of Fraud Risk Management has been an underpinning issue for which the RBI was earlier dealing with through the “ Master Direction on Fraud-Classification and Reporting by commercial banks and select FIs, 2016”[10] which was applicable to the scheduled commercial banks and excluded Regional Rural Banks and selected Financial Institution( this classification is referred as “Banks” for brevity), “Master Circular on the Classification & Reporting, 2014”[11], and the “Monitoring of Frauds in NBFCs (Reserve Bank) Directions, 2016[12] .
Therein, the directions largely dealt with classification and reporting of frauds, specific responsibilities for Regulated Entities management and the necessary timely reporting of the fraud incidents. Therein, it provided that it was mandatory on the part of the Bank to report to frauds exceeding specified threshold of Rs. 500 million or more at the level of the Bank, Rs. 1 lakh or above for NBFCs.
The previous MD-FRM was made with the view to provide for the Banks to detect and report frauds early and take timely actions to mitigate the risk associated with the same. Based on this, frauds have been classified as:
- Misappropriation and Criminal breach of trust
- Fraudulent encashment through forged instruments, manipulation of books of account or through fictitious accounts and conversion of property.
- Unauthorized credit facilities extended for reward or for illegal gratification
- Cash shortages
- Cheating and Forgery
- Fraudulent transactions involving foreign exchanges.
- Fraudulent transactions involving foreign exchanges, and all other types of frauds not specific to the heads as above.
Additionally, it provided for the establishment of the Central Fraud Registry(“CFR”) which provided for a searchable database replacing the earlier practice of issuing paper-based Caution Advice[13], and had a robust internal control & audit mechanism. Thus, the previous directions provided for a foundational framework for managing fraud risk in the banking sector.
- New Position of Fraud Risk Management over Commercial Banks, Cooperative Banks and NBFCs
In lieu of the directions issued by the Supreme Court, the RBI came up with three Master Direction with an aim to alter and provide for a robust internal audit mechanism, and attaining the same while keeping the principle of natural justice right of the borrower’s intact, while limiting the instance of tagging the loan account as fraud arbitrability.
Thus, to mitigate the risk of fraud, Early Warning Signals( “EWS”) and Red Flagged Accounts (“RFA”) whichwere in place, and by virtue of which the lender banks had the option to flag an account based on the EWS signals which they received, which inter alia included default in undisputed payment, to funds coming from other banks to liquidate the outstanding loan amount, to even dispute over title to collateral securities[14]. Thus, it provides that any delay in filing the complaint of the account to be termed as ‘fraud’ would be limited, which thereby deprived the borrowers from the right to be served with the notice before its classification as fraud.[15]
As per the direction laid down by the RBI, it mandates that the Regulated Entities have to necessarily comply with the principle of natural justice[16] in a time-bound manner before it classifies a person or entity as fraud. Thereby, it largely differs from the previous master directions of the RBI[17] as now a more robust regulatory governance framework, coupled with early detection of fraud is added. Further, under the present directions, it is obligatory on the part of the Bank’s to approve their own Policy on FRM delineating clearly the roles and responsibilities of board committees and senior management of the Bank such that in matters pertaining to fraud risk management, early detection, prevention of fraud are tackled in a time constrained setting, without upsetting the borrower’s right natural justice.
ENHANCED FRAMEWORK FOR FRAUD DETECTION AND PREVENTION
The Master Directions apply to all the ‘Regulated Entities’ with the purpose of early detecting and timely reporting of fraudulent incidences by the Regulated Entities to improve the fraud risk management, by firstly,introducing Board-approved policy on fraud risk management and framing EWS and RFA with issuance of Show-Cause Notice( “SCN”) to entities engaged in fraud (as detailed under this section IV); and secondlyimproving the reporting requirements and periodic audits of large-value loan account (as detailed under section V below).
As per the Master Directions, all Regulated Entities have to mandatorily create for a Board approved policy on fraud risk management which inter alia would contain measures towards prevention, early detection, investigation, recovery and reporting amongst others. Earlier, there was no specific provision where the borrower was provided with the opportunity of being heard, however now it is of paramount importance to ensure that the principle of natural justice is adhered to, wherein a detailed SCN would be issued to the persons, entities and its promoters/ whole-time and executive directors against whom allegation of fraud is being examined[18]. Further, a reasonable time of not less than 21 days shall be provided to further respond to the said SCN.[19]
Additionally, unlike previously[20] where the special committees constituted largely involved the board of directors and key managerial personnels who would oversee the monitoring and follow up of the fraud involving amount of Rs. 10 Million or above, the present regulation for Commercial Banks calls for the involvement of 2 independent directors/ non-executive directors for monitoring and follow-up of the cases, within the other 5 directors, and those committees shall be headed by the one of the independent directors.[21] The same follows the theme in the case of NBFCs regulation wherein the special committee shall be of 3 members of the Board, with two independent directors[22]. However, for the Cooperative Societies regulation the same would consist of the chief executive officer and the two directors[23]. Furthermore, with the present regulation no threshold amount is mentioned for the special committee to come into motion. Thus, this will ensure that matters of fraud risk management are handled effectively, and strengthen the aspect of internal control, minimizing the incidence of fraud.
Separately, the EWS and RFA regulations have also been revamped and strengthened to review the alerts or trigger in a prescribed time bound manner. Under these revised directions, the EWS indicators identified for the monitoring credit facilities/ loan accounts and other banking transactions would now be approved by the Risk Management Committee of the Board (“RMCB”) and the appropriate time for the examination of EWS alerts shall be for not more than 30 days.[24]. Additionally, for the EWS & RFA to work in coherence with each other, banks have to necessarily set up dedicated Data Analytics and Market Intelligence (“MI”) units to facilitate the collection and the processing of relevant information to enable an early detection and prevention of potential fraud.
Henceforth , it attains to achieve a robust Fraud Risk Management regime, where the before the loan account is disregarded as “Fraud’, the borrower’s right of being heard is well catered to.
EMPHASIS ON INTERNAL AUDITS & CONTROL
In addition to the aforesaid, the Master Direction also strives to ensure that a proper and structured framework of compliance and audits is adhered to. Under the previous regime, the Regulated Entities tend to report an account as fraud only when they exhaust the chances of further recovery.[25] As per the new directions , for Commercial Banks, ithas to necessarily frame a policy on the engagement of external auditors covering the underlying aspect of due diligence, competency and timelines for the completion of the audits and submission of audit reports to the banks.[26]
Thereby, it is now obligatory for the Regulated Entities to ensure that the principle of natural justice is adhered to before classifying or declaring an account as fraud and the entire process of classification of the account is completed within 180 days from the date of first reporting if the account[27]. Lastly, Regulated Entities largely depend on third-party service providers as a part of pre-loan or post-loan monitoring. Thus, to protect against fraud, now it would be obligatory on their part to include terms in their contract so as to hold these third-parties liable in cases where willful negligence/ malpractice by then is found to be the causative factor of fraud[28].
Therefore, it can be concluded from the nature of the scheme itself that unlike the previous directions, now in instances where suspicion of fraudulent activity is triggered by virtue of early warning signals leading the account as being red flagged, the Banks would require to use an external audit along with an internal auditor to further the investigation.
KEY HIGHLIGHTS OF THE REVISED MASTER DIRECTIONS
The New Master Direction as issued by the RBI is based on the comprehensive review of the earlier Directions, and led to dropping of 36 previous circulars on the Fraud Risk Management, to simplify the regulation and hence lessen the burden of compliance.[29] Further, the same strengthened the overall governance and oversight of fraud.
| Sl. No. | Parameter | Old Guidelines | New Master Direction |
| Approach | Multiple circulars and Master Directions existed. Earlier, it was prescriptive and often rigid in requirement | Based on a comprehensive review and simplification of the earlier guidelines Further this is Principle-based , allowing flexibility in implementation. | |
| Fraud Reporting | No uniformity in categorizing fraud incidents. | Introduced 10 specific categories from consistent reporting. | |
| Governance Framework | Limited role of the Board in fraud management. | Defined the responsibilities of Board, audit committee, and special committee in overseeing fraud risk management. Mandating regular updates to fraud risk management policies by the Board. | |
| Ownership of Fraud Risk | Ownership was not clearly defined leading to lack of proactive measure. | Established the obligation of the audit committee, special committee and key-managerial person for Fraud Risk Management, specially for large-value fraud | |
| Accountability | Accountability mechanism was vague earlier. | Establish internal policies that define the governance standards, ensuring clear accountability for fraud management. | |
| Compliance Burden | Compliance was cumbersome due to multiple overlapping guidelines. | Simplified the regulation to reduce the compliance burden. | |
| Fraud Monitoring | Limited focus on proactive fraud monitoring | Robust fraud monitoring system and regular audits. | |
| Reporting to RBI | Inconsistent reporting practices among banks | Mandated standardized reporting practices to ensure consistency and reliability in data shared with RBI |
CONCLUSION
RBI’s initial concern was Fraud Risk Management in the space of Commercial Banks, Cooperative Banks and NBFCs were mostly concerned with the fact that once the fraud is to be detected, robust and quick action would be taken to rectify the account from being red flagged. However, this left a staggering effect on the rights of the borrower for he being denied the right to SCN, barring the fundamental right of the borrower to be heard. With the recent directions in place, it caters to close the ambiguity surrounding fraud risk management and ensures that recovery of the credit facility or loan account are accounted for, both in the right and effective manner, provided that the same should not come at the cost of borrower’s right of not being heard.
[1] Reserve Bank of India, “Master Directions on Fraud Risk Management in Commercial Banks (including Regional Rural Banks) and All India Financial Institutions” (July 15th 2024). Available at: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12702
[2] Reserve Bank of India, “Master Directions on Fraud Risk Management in Urban Cooperative Banks (UCBs) / State Cooperative Banks (StCBs) / Central Cooperative Banks (CCBs)” (July 15th 2024). Available at: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12703
[3] Reserve Bank of India, “Master Directions on Fraud Risk Management in Non-Banking Financial Companies (NBFCs) (including Housing Finance Companies)” (July 15th 2024). Available at: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12704
[4] State Bank of India and Ors. vs. Rajesh Agarwal, AIR 2023 SC 1859, Para 18.
[5] Reserve Bank of India, Master Directions on Frauds-Classification and Reporting by commercial banks and selected FIs (July 01, 2016). Available at:https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10477
[6] State Bank of India and Ors. vs. Rajesh Agarwal, AIR 2023 SC 1859
[7] “RBI issues revised circular to declare accounts as fraud, incorporates Supreme Court ruling on borrower rights” Business Today, July 15th 2024. Available at: https://www.businesstoday.in/industry/banks/story/rbi-issues-revised-circular-to-declare-accounts-as-fraud-incorporates-supreme-court-ruling-on-borrower-rights-437244-2024-07-15
[8] “RBI issues revised Master Directions on Fraud Risk Management for Regulated Entities” Business Standard , July 15th 2024. Available at: https://www.business-standard.com/markets/capital-market-news/rbi-issues-revised-master-directions-on-fraud-risk-management-for-regulated-entities-124071500911_1.html
[9] “RBI revises rules to manage financial fraud” The Hindu, July 15th 2024. Available at: https://www.thehindu.com/business/rbi-revises-rules-to-manage-financial-fraud/article68407164.ece
[10] Reserve Bank of India, “Master Directions on Frauds- Classification and Reporting by commercial banks and select FIs” (July 01, 2016). Available at: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10477#11
[11]Reserve Bank of India, “Master Circular on Frauds-Classification and Reporting”, (July 01,2014). Available at: https://www.rbi.org.in/commonperson/english/Scripts/Notification.aspx?Id=1400
[12] Reserve Bank of India, “Master Direction-Monitoring of Fraud in NBFCs(Reserve Bank) Directions”, (September 29, 2016). Available at: https://rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10622#C4
[13] Refer to 3.1 of the Master Direction of Frauds-Classification & reporting by commercial banks and select FIs-July 01, 2016. Available at: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10477
[14]Reserve Bank of India, Master Directions on Frauds-Classification and Reporting by commercial banks and selected FIs (July 01, 2016). Clause 8.3 Available at:https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10477
[15] Supra Note 7
[16] Pragatti Oberoi, “RBI Directs Lenders To Give Borrowers A Chance To Explain In Fraud Cases” NDTV Profits July 15, 2024. Available at: https://www.ndtvprofit.com/business/rbi-revises-fraud-risk-management-directions-for-lenders
[17] Supra note 11
[18] Refer to Ch:2 (2.1.1.1) of the Master Directions on Fraud Risk Management in Commercial Banks-July 15, 2024
[19] Ibid
[20] Refer to 4.4 of the Master Direction on Frauds-Classification & Reporting by Commercial Banks and select FIs- July 03, 2017.
[21] Refer to 2..1.3 of the Master Directions on Fraud Risk Management in Commercial Bank, July 15, 2024. Available at: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=10477
[22] Refer to 2.3 of the Master Direction on Fraud Risk Management in NBFCs, July 15, 2024. Available at: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12704
[23] Refer to 2.3 of the Master Direction on Fraud RIsk Management in Urban Cooperative Banks/ State Cooperative Banks/ Central Cooperative Banks, July 15, 2024. Available at: https://www.rbi.org.in/Scripts/BS_ViewMasDirections.aspx?id=12703
[24] Refer to 3.1.3 of the Master Direction on Fraud Risk management in Commercial Banks & AIFIs- July 15, 2024. Available at: Reserve Bank of India – Master Directions (rbi.org.in)
[25] Refer to 8.4 of the Master Direction on Fraud-Classification and Reporting by Commercial banks and select FIs- July 03, 2017. Available at: Reserve Bank of India – Master Directions (rbi.org.in)
[26] Refer to 4.1.1 of the Master Direction on Fraud Risk management in Commercial Banks & AIFIs- July 15, 2024. Available at: Reserve Bank of India – Master Directions (rbi.org.in)
[27] Refer to 4.1.5 of the Master Direction on Fraud Risk management in Commercial Banks & AIFIs- July 15, 2024. Available at: Reserve Bank of India – Master Directions (rbi.org.in)
[28] Refer to 4.2 of the Master Direction on Fraud Risk Management in Commercial Banks & AIFIs- July 15, 2024. Available at: Reserve Bank of India – Master Directions (rbi.org.in)
[29] Sneha Kulkarni, “These 10 Transactions will be reported as fraud to RBI, as per new rules”, Economic Times Online. Available at: https://economictimes.indiatimes.com/wealth/personal-finance-news/these-10-transactions-will-be-reported-as-fraud-to-rbi-as-per-new-rules/articleshow/111780623.cms
