What changed
RBI reinforced that the Special Committee of the Board, chaired by the CEO, must own the fraud investigation and monitoring function for high-value frauds (₹1 crore and above). Banks are now required to frame board-approved internal policies for fraud risk management and investigation, with clear ownership and accountability for systemic control failures.
What it means for you
Banks must elevate fraud risk management to a board-level priority, with CEOs personally accountable for control weaknesses that enable large frauds. This shifts focus from reactive investigation to proactive prevention, requiring stronger internal controls and timely reporting to regulators. Lenders face increased scrutiny on governance standards and may need to restructure their fraud oversight committees.
What you must do
- Review and update your bank's fraud risk management policy with board approval, ensuring CEO and Special Committee ownership of high-value fraud cases.
- Strengthen internal controls in retail segments (housing loans, credit cards, internet banking) and traditional areas (cash credit, export finance, guarantees, LCs) to prevent fraud.
- Ensure prompt and accurate reporting of all fraud cases to RBI and law enforcement, with clear accountability for delays or misreporting.
- Conduct a gap analysis of your current fraud investigation function against the governance framework outlined in the circular.
- Train operating staff to balance business targets with control standards, avoiding incentives that lower control quality.
Who it affects
- Chairmen and CEOs of all scheduled commercial banks (excluding RRBs)
- Audit Committees of the Board
- Special Committees of the Board for monitoring large frauds
- Fraud risk management and investigation teams
- Branch-level operating staff handling retail and traditional banking products
What is the threshold for 'high-value frauds' under this circular?
The circular refers to frauds involving amounts of ₹1 crore and above, as per the earlier January 2004 directive. The Special Committee of the Board must monitor these frauds.
Does this circular apply to Regional Rural Banks (RRBs)?
No. The circular is addressed to all scheduled commercial banks excluding RRBs, so RRBs are explicitly outside its scope.
What happens if a bank fails to comply with these fraud risk management requirements?
The circular does not specify penalties, but it emphasizes that CEOs and board committees own accountability for systemic control failures, implying regulatory action or supervisory scrutiny for non-compliance.