How RBI Inspects a Bank: Inside the Section 35 Supervisory Exam
No cameras. No press release. A small team walks into a bank's head office with laptops and a checklist, and for the next few weeks, nothing is off-limits β not a loan file, not a WhatsApp complaint, not a locked drawer. This is an RBI supervisory examination, and it is happening to some bank in India almost every week of the year.
- Section 35 of the Banking Regulation Act, 1949 gives RBI the legal power to inspect the books and records of any bank in India, at any time, without prior permission from the bank's board.
- RBI's Department of Supervision conducts a yearly check on most banks, called the Annual Financial Inspection (AFI).
- Since 2012-13, RBI has used Risk Based Supervision (RBS), which focuses on future risks rather than only past transactions.
- Under the Prompt Corrective Action (PCA) framework, a bank breaches Threshold 1 if its Capital to Risk-weighted Assets Ratio (CRAR) falls below 9% or its Net NPA ratio rises above 6%.
- If a bank's CRAR falls below 3.625% β the worst PCA threshold β RBI can restrict its lending, dividends, and branch expansion.
- RBI can inspect any bank at any time under Section 35 of the Banking Regulation Act, 1949 β no permission from the bank needed.
- Since 2012-13, RBI uses Risk Based Supervision (RBS), focusing on future risk rather than just past transaction errors.
- The PCA framework uses hard numbers β CRAR below 9% or Net NPA above 6% β to trigger corrective restrictions on a weak bank.
- Inspections also check how a bank treats customers: complaint handling, KYC accuracy, and fraud-claim resolution.
- Off-site data returns keep RBI watching banks continuously between full inspections.
What exactly is an RBI supervisory examination?
Think of it as a full-body health check for a bank, done by a doctor who can also write prescriptions. RBI's inspectors don't just look at numbers on a screen. They sit inside the bank, pull physical loan files, question branch managers, and cross-check what the bank told RBI on paper against what is actually happening on the ground.
Every bank in India β public, private, foreign, small finance, cooperative β is subject to this. The exam has one simple goal: catch problems before depositors do.
What law gives RBI the right to walk into a bank?
Section 35 of the Banking Regulation Act, 1949 is the legal key. It lets RBI inspect a bank's books, accounts, and records whenever it wants β no advance appointment, no board approval required.
This is not a request. A bank that refuses to cooperate, hides records, or gives false information during an inspection can face directions or penalties under the same Act. This inspection power sits alongside other RBI tools that shape how much a bank can lend, such as CRR and SLR.
What does RBI actually look at inside a bank?
The checklist is long, but four things always get scrutiny:
- Loan quality: Is every bad loan correctly tagged as a Non-Performing Asset (NPA), or is the bank quietly hiding stress?
- Capital strength: Does the bank hold enough capital to survive shocks, measured through CRAR?
- Customer records: Are KYC (Know Your Customer) files complete and accurate, as required under the RBI Master Direction on KYC?
- Large exposure reporting: Has the bank correctly reported big loans to the Central Repository of Information on Large Credits, better known as CRILC?
Inspectors don't take the bank's word for any of this. They re-check a sample of files themselves.
Why did RBI switch to Risk Based Supervision (RBS)?
Before 2012-13, RBI's inspections were mostly backward-looking β checking last year's transactions for errors. That's like grading a student only on last semester's exam, ignoring whether they're about to fail this one.
RBS flipped that. Inspectors now build a risk profile of each bank β which loans could turn bad, which businesses are riskier, where fraud is more likely β and focus their time there. A small, well-run bank might get a lighter touch. A bank with rising stress gets watched constantly.
What happens if a bank fails the exam?
This is where the Prompt Corrective Action (PCA) framework kicks in β a traffic-light system based on two numbers: capital (CRAR) and bad loans (Net NPA).
- Threshold 1: CRAR below 9% or Net NPA above 6% β RBI restricts dividend payouts and branch expansion.
- Threshold 3 (the worst): CRAR below 3.625% β RBI can restrict lending altogether and push for management changes.
PCA isn't a punishment for one bad quarter. It's a structured recovery plan, forcing a weak bank to fix itself before it needs a bailout or a depositor payout under the DICGC insurance scheme.
π The part of the exam that's actually about you
Here's the angle most coverage misses: a bank inspection is not only about balance sheets β it's also about how the bank treats you, the customer. Inspectors sample complaint registers, check how fraud and unauthorised-transaction claims were handled, and verify that KYC updates weren't forced on you unfairly.
So when RBI tightens fraud-liability timelines for co-operative or payments banks, that same rulebook gets tested during the next inspection cycle. Your one complaint about a wrongly debited account could become a data point in a national supervisory report.
How is this different from RBI's daily monitoring?
The AFI is the big, once-a-year physical check. But RBI doesn't wait a full year to notice trouble. Banks continuously file off-site returns β data on deposits, loans, capital, and liquidity β that RBI's systems track between inspections.
So think of it as two layers: a constant, quiet data-watch running in the background, and a deep, hands-on inspection that periodically verifies the data being sent matches reality.
Questions people ask
Most commercial banks go through an Annual Financial Inspection once a year. Between these full inspections, RBI keeps watching through off-site data returns, so supervision never really stops.
Yes. Section 35 of the Banking Regulation Act, 1949 applies broadly across banks regulated under the Act, which is why urban and rural cooperative banks also face RBI inspections and rule changes.
A regular audit mostly checks whether past numbers are accurate. Risk Based Supervision (RBS) instead tries to predict which risks could hurt the bank next, and focuses inspection effort there.
PCA is triggered mainly by two numbers: capital adequacy (CRAR) and bad loans (Net NPA). If CRAR falls below 9% or Net NPA rises above 6%, the bank breaches Threshold 1 and faces restrictions.
It's very hard. Inspectors physically pull sample loan files and cross-check them against CRILC reporting and internal records, so mismatches between what a bank reports and what actually exists tend to surface during inspection.