RBI’s 100+ Penalties in a Year: What Went Wrong?

 

In the past year, the Reserve Bank of India (RBI) has imposed more than 100 monetary penalties on banks, NBFCs, fintechs, and cooperative institutions. These penalties span a wide range of compliance failures—from customer due diligence lapses to weak cyber security, and from outsourcing gaps to violations of lending norms.

While the penalties differ in size, they all point to a common theme: regulatory compliance is non-negotiable. Here’s a breakdown of the most frequent reasons behind these actions.

Category	Typical Lapses	Illustrative Orders	Key Directions
Change in management	Failed to take prior written permission of the RBI before appointing a director	Grewal Brothers Finance Company Private Limited (15 May, 2025) Mahindra Rural Housing Finance Limited (28 March, 2025) Habitat Micro Build India Housing Finance Company Private Ltd (28 March, 2025) Aptus Finance India Private Limited (31 Jan, 2025) GoCapital Finance Limited (17 Oct, 2024) RAR Fincare Limited (02 Sep, 2024) Ashoka Viniyoga Limited (12 Aug, 2024) Muthoot Housing Finance Company Limited (12 Aug, 2024)	Scale-Based Regulations
Change in shareholding	—	Ayodhya Finlease Limited (21 Aug, 2025) PayMe India Financial Services Pvt. Ltd. (05 June, 2025)	Scale-Based Regulations
End Use	Failed to ensure end-use of funds with respect to certain loans sanctioned by it.	Shree Kadi Nagarik Sahakari Bank Ltd (30 June, 2025) Mandvi Nagrik Sahakari Bank Ltd (17 June, 2025)	-
Gradation of risk and Interest rate	a) Failed to disclose and explicitly communicate the rate of interest and the approach for gradation of risks on its website.	Savery Transport Finance Ltd (28 March, 2025) JM Financial Home Loans Ltd (21 Feb, 2025) Hewlett Packard Financial Services (India) Pvt Ltd (13 Sep, 2024)	Scale-Based Regulations
IT & Audit	Non-implementation of prescribed cyber security controls. No IS Audit for Network & Security since inception. Poor audit log retention/analysis; unaddressed alerts.	Smriti Nagrik Sahakari Bank Maryadit (28 Jul, 2025) Shree Chhani Nagarik Sahakari Bank Ltd (03 Jul, 2025) SMFG India Credit Company Ltd (13 Sep, 2024)	Master Direction — IT Framework for NBFCs
KYC	a) Failed to carry out periodic updation of KYC of its customers. b) Delay in uploading Customer KYC Records (CKYCR) on time. c) BO identification gaps for legal persons. d) PAN not verified with issuing authority at the time of customer acceptance	Kalaburagi & Yadgir DCCB (25 Aug, 2025) Utkal Cooperative Bank Ltd (11 Aug, 2025) Smriti Nagrik Sahakari Bank Maryadit (28 Jul, 2025) Thane DCCB (17 July, 2025) District Central Cooperative Bank Ltd (03 Jul, 2025) Saibaba Nagari Sahakari Bank Maryadit (30 Jun, 2025)	KYC Directions
NPA	a) Failed to classify certain loan accounts as non-performing. b) Reclassifying NPAs as standard without clearing all arrears.	Bharat Co-operative Bank Ltd (25 Aug, 2025) Sarvodaya Commercial Co-op Bank Ltd (14 Aug, 2025) Shahada Peoples Co-op Bank Ltd (21 July, 2025) Pusad Urban Co-op Bank Ltd (06 May, 2025)	Prudential Norms & IRAC Guidelines
Outsourcing	Did not ensure that its agreements with service providers include a provision enabling RBI to cause an inspection to be made of the service providers	Bridge Fintech Solutions Pvt Ltd (07 March, 2025) Shriram Finance Ltd (14 Feb, 2025)	Scale-Based Regulations
Policy review	Did not conduct periodic review of the compliance of the Fair Practices Code and functioning of the Grievances Redressal Mechanism.	Bridge Fintech Solutions Pvt Ltd (07 March, 2025)	Scale-Based Regulations
Risk categorisation	Customers not classified as Low/Medium/High; periodic reviews not done.	Anand Mercantile Co-op Bank Ltd (25 Aug, 2025) Maharashtra Gramin Bank (14 Aug, 2025) HDFC Bank Ltd (26 March, 2025) Shriram Finance Ltd (14 Feb, 2025) HUDCO (06 Sep, 2024)	KYC Directions
Reporting to CIC / CRILC	No/partial submission to all CICs; data accuracy issues in CRILC.	Nanded DCCB (28 Aug, 2025) Utkal Cooperative Bank Ltd (11 Aug, 2025) Shriram Finance Ltd (14 Feb, 2025) Union Bank of India (12 Aug, 2024)	Scale-Based Regulations
Credit & Concentration (Exposure Limits)	Breaches of single-borrower exposure limits.	Purasawalkam Co-operative Bank Ltd (28 Aug, 2025) Mahoba Urban Co-op Bank Ltd (29 Aug, 2024)	Scale-Based Regulations
Other Non-compliances	Interest charged prior to disbursement/cheque issuance.	IIFL Samasta Finance Ltd (28 Feb, 2025)	Fair Practices

Disclaimer: This table consolidates RBI’s published penalty orders for easy compliance reference.

Key Takeaways for Regulated Entities

RBI’s recent enforcement actions are a reminder that proactive compliance protects both reputation and business continuity. Below are practical, immediately actionable steps every financial institution should prioritise:

1. Conduct Legal & Compliance Due Diligence
   • Review processes, agreements, IT systems and governance structures to identify gaps.
   • Pay attention to high-risk areas flagged by RBI: KYC, outsourcing, cyber security, reporting and exposure norms.
   • Prepare a compliance roadmap with clear timelines.
   • Undertake structured compliance audits or independent reviews.
   • Address legacy issues before they surface in inspections.
2. Formulate & Update Policies
   • Ensure KYC, Fair Practices, Outsourcing, IT/Cybersecurity and Risk Management policies are current.
   • Board-level approval and periodic review of policies is essential.
   • Include measurable controls and vendor clauses (with RBI inspection rights).
3. Implement with Discipline
   • Train staff and management teams on compliance responsibilities.
   • Introduce dashboards and monitoring triggers with documented evidence of reviews.
   • Follow a “test & evidence” approach to prove implementation.

In our previous blog, we have cover a list of policies that NBFCs should draft or update to stay on the right side of RBI’s tightening scrutiny.