RBI Orders Banks to Freeze Accounts of 23 New UAPA Terror Designates
On July 15, 2026, a routine compliance email landed in the inbox of every bank and NBFC CEO in India. The subject line: 23 new names. The message: freeze, report, comply — or face consequences.
- MHA notified 23 individuals as 'Terrorist' under Section 35 of UAPA, 1967, via S.O. numbers 3623(E) to 3645(E) dated July 4, 2026, adding them to the Fourth Schedule as entries 58 to 80.
- RBI circular RBI/2026-27/186, issued July 15, 2026, directs all regulated entities to comply with the UAPA Order dated February 2, 2021, which is Annex I of the RBI KYC Directions 2025 (November 28, 2025, amended December 29, 2025).
- Regulated entities must freeze matching accounts immediately and report details to FIU-IND and advise MHA, as per the UAPA Order dated February 2, 2021.
- The list includes individuals such as Masood Ilyas Kashmiri (entry 58), Firdous Ahmad Bhat (entry 63), and Mohammed Shaheed Faisal (entry 80).
- MHA added 23 individuals to UAPA's Fourth Schedule on July 4, 2026; RBI circular dated July 15, 2026 mandates compliance.
- All regulated entities — banks, NBFCs, co-operative banks, ARCs — must freeze matching accounts and report to FIU-IND and MHA.
- The UAPA Order dated February 2, 2021, is the procedural framework; it applies to all future amendments to Schedule IV automatically.
- Smaller institutions with manual screening processes are most at risk — this circular is a signal to automate AML checks.
- Monitor future MHA amendments; the circular explicitly requires immediate compliance with any changes to Schedule IV.
What Exactly Changed on July 15, 2026?
The Ministry of Home Affairs (MHA) published a gazette notification on July 4, 2026, adding 23 people to the Fourth Schedule of the Unlawful Activities (Prevention) Act, 1967. This means the government has officially designated them as terrorists.
RBI followed up on July 15, 2026, with circular RBI/2026-27/186, telling every bank and NBFC in India: update your systems, screen your customers, and report any matches immediately.
The circular references the UAPA Order dated February 2, 2021, which is Annex I of the RBI KYC Directions 2025. That order lays down the exact procedure for freezing accounts and reporting to authorities.
Who Must Comply?
This is not just for big banks. The circular applies to:
- Commercial Banks, Small Finance Banks, Payment Banks
- Urban Co-operative Banks, Rural Co-operative Banks, Regional Rural Banks, Local Area Banks
- Non-Banking Financial Companies (NBFCs), Asset Reconstruction Companies (ARCs)
- All India Financial Institutions
If you are a compliance officer at any of these entities, this circular is your responsibility.
What Must You Do? A Step-by-Step Checklist
Step 1: Update your AML/KYC screening systems with all 23 names and their aliases. The circular lists each name with multiple variations — for example, 'Masood Ilyas Kashmiri @ Mufti Masood Ilyas @ Masood Ilyas @ Abu Mohammad @ M. Masood Ilyas.' Your system must catch any of these.
Step 2: Run a backward scan on existing customers. Check if any account already on your books matches a name on this list.
Step 3: If you find a match, freeze the account immediately. Do not wait for confirmation. The UAPA Order dated February 2, 2021, requires immediate freezing.
Step 4: Report to FIU-IND (Financial Intelligence Unit – India) with full details of the account.
Step 5: Advise MHA separately, as required under the UAPA notification.
Step 6: Monitor future amendments. The circular explicitly says: 'REs shall also take note of any future amendments to Schedule IV of the UAPA, 1967, for immediate necessary compliance.'
The Legal Backbone: UAPA, KYC Directions, and the February 2, 2021 Order
This circular does not create a new law. It activates an existing framework. Here is how the pieces fit together:
- UAPA, 1967, Section 35: Gives the government power to designate individuals as terrorists and list them in the Fourth Schedule.
- RBI KYC Directions 2025 (November 28, 2025): Chapter IX of these directions covers obligations under international agreements and communications from international agencies. It incorporates the UAPA Order dated February 2, 2021, as Annex I.
- UAPA Order dated February 2, 2021: This is the procedural bible. It tells banks exactly how to freeze accounts, whom to report to, and what documentation to maintain.
The key point: the February 2, 2021 order applies not just to UN Security Council lists but also to amendments to Schedule IV and I of UAPA. So every time MHA adds a name, the same procedure kicks in automatically.
Real-World Scenario: What Happens When a Match Is Found
Imagine Ravi, the compliance officer at a mid-sized NBFC in Pune. His daily AML scan flags a new account holder named 'Firdous Ahmad Bhat' — entry 63 on the list.
Ravi does not wait. He freezes the account, files a report to FIU-IND through the FINnet portal, and sends an email to MHA's counter-terrorism division. He documents every step, as required by the February 2, 2021 order.
Within 24 hours, the account is locked, the authorities are informed, and the NBFC has complied. No drama. Just procedure.
The Unseen Angle: Why This Circular Matters More Than You Think
Most compliance teams will update their screening systems and move on. But here is the angle nobody covers: this circular is a stress test for your AML infrastructure.
If your system cannot handle 23 new names with multiple aliases, it will fail when MHA adds 230 names. The circular is a quiet reminder that your screening software, your data quality, and your team's response time are being tested — every single time.
Also note: the circular applies to all regulated entities, including small co-operative banks and rural banks. These smaller institutions often have manual screening processes. For them, this circular is a wake-up call to automate or risk non-compliance.
How This Connects to Other RBI Rules
This circular is part of a broader compliance ecosystem. If you are studying for the RBI Grade B exam, understanding UAPA and KYC linkages is essential — it frequently appears in the Phase 2 Finance syllabus.
For practicing bankers, this circular sits alongside the RBI Compliance Calendar 2026-27, which tracks every regulatory deadline you must meet.
And if you are wondering whether older circulars still apply, the guide on checking circular validity explains how to verify.
Questions people ask
The Fourth Schedule of the Unlawful Activities (Prevention) Act, 1967, lists individuals and entities designated as terrorists by the Government of India. Banks must screen customers against this list and freeze accounts of any matches.
Freeze the account immediately. Then report the details to FIU-IND and separately advise the Ministry of Home Affairs, following the procedure in the UAPA Order dated February 2, 2021.
Yes. The circular explicitly covers Urban Co-operative Banks, Rural Co-operative Banks, and Regional Rural Banks. Every regulated entity must comply.
Both. The circular says you must comply with this list and also monitor any future amendments to Schedule IV of UAPA, 1967, for immediate action.
It is a government order that lays down the exact procedure for freezing accounts, reporting to FIU-IND and MHA, and maintaining records when a customer matches a designated terrorist list. It is Annex I of the RBI KYC Directions 2025.
The full list with S.O. numbers and aliases is in RBI circular RBI/2026-27/186, available on the RBI website and on BankPulse at the decoded page.