RBI releases revised fraud risk management directions for Regulated Entities

This issue of First Notes aims to provide an overview of the revised fraud risk management system and framework for banks and NBFCs (including HFCs).

Introduction

With the aim of promoting better fraud risk management systems and frameworks in Regulated Entities (REs), on 15 July 2024 the Reserve Bank of India (RBI) issued three revised master directions on fraud risk management, which are applicable to banks, Non-Banking Financial Companies (NBFCs) (including Housing Finance Companies (HFCs)) and co-operative banks. All three master directions are together referred to as the revised MD.

The revised MD are principle-based and strengthen the role of the board of directors in the overall governance and oversight of fraud risk management in Regulated Entities (REs). 

These revised MDs are silent on the effective date and hence may be applicable with immediate effect. However, the Early Warning Systems of banks and NBFCs need to be set up or upgraded within six months from the date of this circular.

Key changes noted in the revised MD compared to erstwhile regulations are summarised below:

Applicability and Purpose

The revised MDs have extended their scope to include Regional Rural Banks and all NBFCs having an asset size of INR 500 crore and above. The approach of the revised MD includes principles of ‘prevention’ in addition to detection and reporting.

Governance

RBI has prescribed governance requirements for NBFCs (including HFCs) for the first time. For banks, however, RBI requires a more structured approach to governing fraud risk management. The revised MD have:

1. Shifted the responsibility for overseeing frauds from the Audit Committee to a special committee of the REs, whereas implementation responsibility has been assigned to the senior management of REs.
2. Extended the scope of the whistle blower policy beyond staff of the bank.
3. Defined a timeline for review of such policy and prescribed the content of the Board-approved policy, such as measures towards prevention, early detection, investigation, reporting of frauds, etc.
4. Prescribed disclosure of frauds by NBFCs, including HFCs.

Framework for Early Warning Signals for detection of frauds

The revised MD require NBFCs (including HFCs) to implement a framework for Early Warning Signals (EWS) for detection of frauds. For banks, the requirement for an EWS framework has been made more robust, with the following key changes:

1. The revised MD for banks has brought non-credit related transactions as well under the ambit of the EWS mechanism.
2. Banks are to set up a data analytics and market intelligence unit to identify unusual patterns and activities in accounts.
3. Banks are to define a Turnaround Time (TAT) for examination of EWS alerts or triggers, which should not exceed 30 days.
4. Banks are to upgrade their existing EWS systems within six months from the date of issuance of the revised MD.
5. The Risk Management Committee of the Board has been assigned the overall responsibility of overseeing the effectiveness of the EWS framework, whereas implementation responsibility has been assigned to the senior management of REs.

Red Flagged accounts

The revised MD have defined the role of internal audit in the fraud risk management framework of banks and NBFCs (including HFCs). While the scope of the statutory auditor of banks remains similar, the scope of auditors of NBFCs (including HFCs) has increased.

Legal audits of title documents

The revised MD prescribe new requirements for NBFCs to conduct legal audits of title documents of Large Value Loan accounts periodically.

Investigation on fraud accounts sold to other Lenders / ARCs

The revised MD require REs to complete the investigation of each loan being transferred from a fraud angle and report it to RBI if the account is concluded to be a fraud.

Role of Auditors

The revised MD have defined the role of internal audit in the fraud risk management framework of banks and NBFCs (including HFCs). While the scope of the statutory auditor of banks remains similar, the scope of auditors of NBFCs (including HFCs) has increased.

Reporting of Frauds to Law Enforcement Agencies

The revised MD require REs to report incidents of fraud to Law Enforcement Agencies (LEAs) within a prescribed timeline.

Reporting of Frauds to RBI and subsequent closure

The revised MD now prescribe additional categories of fraud for classification and reporting by REs. The following relaxations/requirements are prescribed for closure of frauds:

1. The conditions of write off, recovery, insurance claims, and review of systems and procedures have been removed.
2. The limit for closure of fraud for statistical/reporting purposes has been revised from INR 2.5 million to INR 1 crore.
3. An incremental condition of completion of staff accountability and disciplinary action before closure is imposed.

This issue of First Notes aims to provide an overview of the revised MD issued for banks and for NBFCs (including HFCs) and highlight the key changes as compared with the older master directions which they have superseded.
