The Reserve Bank of India, on Monday, issued three revised master directions on fraud risk management for commercial banks, cooperative banks and non-banking financial companies.
Through these directions, the regulator has incorporated the need for compliance with the principles of natural justice for all regulated entities, while classifying persons/entities as fraud, in line with a Supreme Court judgement from March 2023.
The top court's judgement was in the case of State Bank of India and Ors v. Rajesh Agarwal and Ors. It said, back then, that banks can't unilaterally declare an account as fraud without giving the defaulter the right to be heard.
The Supreme Court also added that under these principles, borrowers must be served a notice to explain the conclusion of the forensic audit report. This would allow them an opportunity to explain and represent themselves in front of the lenders, much before to their account being classified as fraud.
What Changes For Banks?
Through the revised master directions, the regulator has strengthened the framework on early warning signals, red flagging of accounts, and timely reporting to law enforcement agencies. It has emphasised that all regulated entities must have a data analytics and market intelligence unit for better risk management systems.
While the role of the board in overall governance has been reiterated, RBI has also emphasised on the need for a robust internal audit and control framework.
For commercial banks, some of the changes in fraud risk management will be as follows:
There shall be a board approved policy on fraud risk management.
Banks will have to issue a detailed show-cause notice to entities engaged in fraud and to promoters/whole-time directors, etc., against whom the allegations of fraud is being examined.
A reasonable time of not less than 21 days must be provided to persons/entities to respond after the show-cause notice is served.
Banks will have a well-laid system for issuance of show-cause notice, examination of responses or submissions made by entities. This must be prior to declaring them as "fraudulent".
Lenders must serve a reasoned order to entities with the decision of the bank about classification of the account as fraud.
Banks are also required to have a 'Special Committee of the Board for Monitoring and Follow-up of cases of frauds'. It must have minimum of three members of the Board and be headed by one of the independent directors or non-executive directors.
In addition to these, banks are also required to have a framework for early warning signals and red flagging of accounts under the board approved fraud risk management policy.
According to RBI, a red-flagged account is one where suspicion of fraudulent activity is thrown up by the presence of one or more indictors of early warning signals, leading to deeper investigation from the point of view of potential fraud.
However, in cases where a credit facility or loan account are classified as a red-flagged account, banks would be required to use an external audit or internal audit for further investigation, RBI said in its revised directions. This, too, must be in line with the board approved policy.
In line with the revised directions, the regulator has withdrawn the existing 36 circulars. The new rules have also been made applicable to all regional rural banks, rural cooperative banks and housing finance companies.