Preserving financial stability while building a resilient and sound financial system continued to remain as the primary objective of regulatory and supervisory initiatives during the year. Accordingly, several regulatory and supervisory measures were undertaken in line with global best practices towards further strengthening governance and risk management practices and regulatory reporting system. Harnessing technology for effective supervision along with a focus on enhancing cyber security, strengthening fraud detection mechanism and consumer protection were also pursued as concurrent objectives.

VI.1 The domestic financial system remained sound and resilient during the year. The Reserve Bank continued with concerted endeavours to fortify the financial system and promote responsible innovations amidst emerging challenges from technological disruptions, cyber risks and climate change. As part of the overall objective of aligning the regulatory/supervisory framework with global best practices, significant strides in the areas of risk management, regulatory compliance and enforcement, and consumer education and protection were undertaken during the year.

VI.2 The Department of Regulation (DoR) issued guidelines, inter alia, on key facts statement (KFS) on loans and advances; eligibility criteria for voluntary transition of small finance banks (SFBs) to universal bank; harmonisation of regulations applicable to housing finance companies (HFCs) and non-banking financial companies (NBFCs); submission of information to credit information companies (CICs) by asset reconstruction companies (ARCs); operational risk management and operational resilience; and prudential treatment to be followed while implementing debt relief schemes.

VI.3 The FinTech Department expanded the scope and coverage of central bank digital currency (CBDC) pilots by testing use cases of programmability and offline functionalities and distribution of CBDC wallets by select non-banks in CBDC-retail (CBDC-R); addition of standalone primary dealers to CBDC-wholesale (CBDC-W) ecosystem and upgradation in technical architecture; scaled up the ongoing pilot on unified lending interface (ULI) to include more lenders, data service providers and loan journeys; released framework for self-regulatory organisations (SROs) for FinTech sector and recognised an Association as SRO; and launched FinTech and EmTech repositories.

VI.4 The Department of Supervision (DoS) initiated measures to further strengthen and integrate both onsite and offsite supervision, including cyber/information technology (IT) related risk assessment, emphasis on fraud risk management and know your customer (KYC)/ anti-money laundering (AML) supervision; guidelines on prompt corrective action (PCA) framework for urban cooperative banks (UCBs); enhancing cross-border supervisory engagements with overseas authorities in key global jurisdictions; and development of supervisory data quality index (sDQI). The Consumer Education and Protection Department (CEPD) continued with its efforts towards augmenting consumer awareness on safe banking practices and extant customer service regulations and protection; and strengthening grievance redress mechanism.

VI.5 This chapter discusses regulatory and supervisory measures undertaken during 2024-25 to strengthen the financial system and to preserve financial stability. The rest of this chapter is divided into five sections. Section 2 deals with the mandate and functions of the Financial Stability Department (FSD). Section 3 dwells upon regulatory measures undertaken by the DoR along with activities of the FinTech Department. Section 4 covers supervisory measures undertaken by the DoS and enforcement actions carried out by the Enforcement Department (EFD). Section 5 highlights the role played by CEPD and Deposit Insurance and Credit Guarantee Corporation (DICGC) in protecting consumer interests, spreading awareness and upholding consumer confidence. The agenda of these departments for 2025-26 are covered in the respective sections of this chapter. Concluding observations are set out in the last section.

2. FINANCIAL STABILITY DEPARTMENT (FSD)

VI.6 The FSD monitors risks to macrofinancial stability and evaluates the resilience of the financial system by undertaking macroprudential surveillance. It also functions as the secretariat to the Sub-Committee of the Financial Stability and Development Council (FSDC), an inter-regulatory institutional forum for preserving financial stability and promoting financial sector development. The FSD brings out half-yearly Financial Stability Report (FSR), highlighting key macrofinancial vulnerabilities along with results of macro-stress tests under various risk scenarios.

Agenda for 2024-25

VI.7 The Department had set out the following goals for 2024-25:

• Implementation of recommendations of the peer review (Utkarsh 2.0) [Paragraph VI.8];

• Development of a non-banking stability map/index (Utkarsh 2.0) [Paragraph VI.9]; and

• Enhancement of single-factor stress tests (Utkarsh 2.0) [Paragraph VI.9].

Implementation Status

VI.8 Based on the recommendations of the peer review, the macro-stress testing framework for scheduled commercial banks (SCBs) has been revised and includes: (i) projection of internally consistent adverse macrofinancial scenarios by performing simulations using vector autoregression with exogenous variables (VARX) model; (ii) projection of slippage ratio, interest income and interest expense at bank level using panel regression models; (iii) incorporation of market risk in the solvency stress testing framework; and (iv) increasing the scenario horizon of macro-stress test from currently one year to 1.5 - 2.0 years and generating projections of key financial ratios as at end of the ensuing financial years.

VI.9 To make an overall assessment of the risk factors that have a bearing on the stability of the NBFC sector, a non-banking stability map/ index has been developed. Further, based on the recommendation of the International Monetary Fund (IMF) peer review, the Department has replaced the erstwhile liquidity stress test of SCBs by operationalising liquidity coverage ratio (LCR)-based liquidity stress test as part of enhancing single factor stress tests.

Agenda for 2025-26

VI.10 In the year ahead, FSD will focus on the following:

• To enhance the stress testing framework further, a liquidity stress test framework for NBFCs will be developed in-house. Further, the extension of macro stress test to the UCBs sector (Tier-3 and Tier-4) will be explored. In addition to extending the stress testing framework, the Department also plans to assess the impact of climate transition risk on major carbon intensive sectors and its impact on balance sheets of banks having exposure to emission intensive sectors; and

• ‘Growth-at-Risk’ model will be developed for understanding how financial conditions and the level of financial vulnerabilities contribute to the possibility of future episodes of weak economic growth by linking current macrofinancial conditions to the distribution of future growth.

3. REGULATION OF FINANCIAL INTERMEDIARIES

Department of Regulation (DoR)

VI.11 DoR is the nodal Department for regulation of commercial banks, cooperative banks, NBFCs, CICs and all-India financial institutions (AIFIs)¹. The regulatory design and implementation is aligned to the evolving requirements of the Indian economy while adapting to international best practices.

Agenda for 2024-25

VI.12 The Department had set out the following goals for 2024-25:

• Review of guidelines on valuation of properties based on international best practices (Utkarsh 2.0) [Paragraph VI.13];

• Regulatory framework for web-aggregation of loan products (Paragraph VI.14);

• With a view to strengthen the extant regulatory framework governing project finance and to harmonise the instructions across all regulated entities (REs), the extant prudential norms for projects under implementation were reviewed, and a comprehensive regulatory framework applicable for all REs is proposed to be issued (Paragraph VI.15);

• A discussion paper on introduction of Expected Credit Loss (ECL) framework for provisioning by banks was issued on January 16, 2023, soliciting comments from stakeholders. While comments on the discussion paper are being examined, an external working group - comprising domain experts from academia, industry and select major banks - was constituted in October 2023 to holistically examine and provide independent comments on some of the technical aspects. The guidelines on the subject are being finalised by incorporating the feedback received on the discussion paper and the recommendations of the working group which submitted its report in February 2024 (Paragraph VI.15);

• The extant regulations on interest rates on advances vary across REs. In order to harmonise the same, a comprehensive review of the extant regulatory instructions is underway (Paragraph VI.16);

• Delineating the role of various committees (viz., Audit Committee of the Board, Nomination and Remuneration Committee, and Risk Management Committee) in NBFCs as mentioned in the scale-based regulatory framework issued on October 22, 2021 (Paragraph VI.17);

• Reviewing the requirement of obtaining prior approval of the Reserve Bank for change in management of NBFCs/HFCs, which would result in change in more than 30 per cent of the directors, excluding independent directors (Paragraph VI.17);

• In view of the operationalisation of a new overseas investment regime under Foreign Exchange Management (Overseas Investment) Rules, 2022, a review of extant guidelines on overseas investments by NBFCs and CICs shall be undertaken (Paragraph VI.17);

• In April 2021, an external committee was set up by the Reserve Bank to review the existing legal and regulatory framework applicable to ARCs and recommend measures to enhance their efficacy. Major recommendations of the Committee were implemented vide circular dated October 11, 2022. Remaining recommendations of the Committee shall be examined and implemented during 2024-25 (Paragraph VI.18);

• Standalone primary dealers (SPDs) are placed in middle layer of the scale-based regulatory framework for NBFCs. However, unlike NBFCs, the SPDs are subject to guidelines on minimum capital requirements for market risk in view of their exposure to government securities and other market related products and are also eligible to undertake various core and non-core activities which an NBFC is not allowed to undertake. A review of the framework for market risk for SPDs would be undertaken to bring about convergence with Basel III standards for banks (Paragraph VI.18); and

• Connected lending can involve moral hazard issues leading to compromise in pricing and credit management. The extant guidelines on the issue are limited in scope and are not applicable uniformly to all REs. As announced in the Reserve Bank’s Statement on Developmental and Regulatory Policies (December 8, 2023), a unified regulatory framework on connected lending for all the REs will be put in place for which a draft circular will be issued for public comments (Paragraph VI.18).

Implementation Status

VI.13 In the process of lending, institutions create charge on various primary or collateral securities with a view to secure their exposures. Most of such securities are non-financial in nature such as land, building, plants, machinery and inventories. While there are explicit standards and regulations on objective valuation of financial securities, the extant instructions on valuation of non-financial securities are relatively broad in nature and vary across REs. With a view to harmonise the regulations in this regard across REs and to bring more consistency in the valuation process, a comprehensive review is currently underway.

VI.14 Presently, most lending service providers (LSPs) make available web-aggregation service by partnering with multiple lending partners. Generally, LSPs exercise discretion in choosing a suitable lender for a given borrower and seldom display all the available loan offers to the borrower for making an informed choice. In line with the objective of customer centricity in digital lending, it was proposed vide a draft circular dated April 26, 2024 to mandate REs to ensure that all LSPs having arrangements with multiple REs present a digital view of loan offers available to the borrowers from the willing lenders over their digital lending apps (DLAs). The digital view shall at least include details such as name of the RE, amount of loan, the annual percentage rate (APR), tenor and other associated terms and conditions. LSPs, while displaying all available options, shall not use any ‘dark patterns’² in their user interface to nudge the borrowers in choosing a particular loan offer which may not be suited to their requirements. The final guidelines incorporating the feedback received from various stakeholders have been issued as part of ‘Reserve Bank of India (Digital Lending) Directions, 2025’.

VI.15 Based on a comprehensive review of experience of banks with regard to financing of project loans and the structural issues prevalent in the sector, the draft guidelines on the prudential norms for projects under implementation were issued on May 3, 2024. The draft guidelines aim to bring the norms in alignment with a more principle-based approach to resolution of such exposures, while ensuring that the REs recognise risks in a timely manner and build adequate buffers to absorb any future shocks that may arise from such exposures. The revised guidelines, taking into account the feedback received from the stakeholders, are being finalised. These guidelines will also be brought in alignment with the proposed provisioning regime based on expected credit loss (ECL), the draft circular on which is also under finalisation, incorporating the feedback received on the discussion paper issued earlier and the recommendations of the external working group.

VI.16 Extensive consultations³ have been undertaken internally as well as with key stakeholders regarding the approach to be adopted relating to the framework on interest rates on advances, considering the objectives of monetary transmission, risk pricing and conduct related aspects. In order to solicit wider public feedback, it is proposed to issue a discussion paper delineating the various imperatives of moving to a harmonised regime for interest rates on loans and advances across all REs.

VI.17 The draft guidelines on functions and responsibilities of the board committees in NBFCs and HFCs are under consideration. The extant regulatory requirement for NBFCs/HFCs to obtain prior approval of the Reserve Bank for management changes involving more than 30 per cent of the directors, excluding independent directors, is also being reviewed. The draft circular on overseas investments by NBFCs and CICs for seeking public comments is underway.

VI.18 Appropriate guidelines on remaining recommendations of the ARC committee shall be issued in 2025-26. The market risk framework for SPDs would be reviewed based on the revised market risk framework for banks, which is currently underway. Connected lending or loans to related parties have inherent moral hazard issues. A comprehensive review of connected lending has been undertaken after considering the extant instructions and definition of related parties in statutes such as Income Tax Act, 1961, Insolvency and Bankruptcy Code, 2016, and Companies Act, 2013. Accordingly, the draft circular is under preparation and will be issued for public comments.

Major Developments⁴

Regulatory Principles for Management of Model Risks in Credit

VI.19 REs use models for variety of activities to facilitate and enhance decision making. The application of rule-based algorithms and machine learning (ML) have increased the reliance on such models. With a view to ensuring prudence and to impart robustness in usage of such models, a draft circular on ‘Regulatory Principles for Management of Model Risks in Credit’ was issued on August 5, 2024, which provides broad regulatory principles to be followed for model risk management. The draft framework covers aspects related to governance and oversight, model development and deployment, and model validation framework. In light of the feedback received during the consultation period, the Reserve Bank will issue the finalised guidelines, which will encompass a broader scope to include models deployed across all relevant functional and operational domains.

Creation of a Directory of Digital Lending Apps (DLAs)

VI.20 Although the guidelines on digital lending issued in September 2022 cover the entire gamut of digital lending activities of REs, the issue of illegal lending apps has recently been gaining attention with reported harassment by such illegal apps. In many cases, these illegal apps falsely advertise their relationship with REs, with some entities creating a fake website of NBFC for listing their app as a partner app of the NBFC. Accordingly, to aid the customers in verifying the claim of DLAs’ association with REs, the Reserve Bank has issued instructions regarding operationalisation of the public directory of DLAs directing REs to furnish the details of their DLAs through the Centralised Information Management System (CIMS) portal of the Reserve Bank. REs have time till June 15, 2025 to report the initial data on the portal.

Key Facts Statement (KFS) on Loans and Advances

VI.21 As announced in the Reserve Bank’s Statement on Developmental and Regulatory Policies (February 8, 2024), a circular regarding KFS on loans and advances applicable to retail, and micro, small and medium enterprise (MSME) loans extended by all REs was issued on April 15, 2024. REs are required to provide their borrowers a statement containing the key information regarding loan agreement, including all-in cost of the loan, in a simple and easy to understand format.

Banks’ Exposure to Capital Market - Issue of Irrevocable Payment Commitments (IPCs)

VI.22 The settlement cycle for equities has been revised to ‘T+1’ from ‘T+2’ (‘T’ being the trade day) by the stock exchanges. Accordingly, the risk mitigation measures for intra-day exposures of banks arising out of issuance of IPCs have been revised vide circular dated May 3, 2024 as follows: (i) capital market exposures (CME) shall be computed at 30 per cent of the settlement amount; (ii) intra-day CME to the counterparty shall be subject to large exposure limits; and (iii) in case any exposure remains outstanding at the end of ‘T+1’, capital will have to be maintained as per the extant norms.

Gold Monetisation Scheme (GMS), 2015 - Amendment

VI.23 Government of India, vide press release dated March 25, 2025 regarding GMS, decided to discontinue the medium-term and long-term government deposit (MLTGD) components of GMS effective March 26, 2025. Accordingly, any gold deposits tendered at the designated collection and purity testing centre (CPTC)/ GMS mobilisation, collection and testing agent (GMCTA)/designated bank branches towards MLTGD component of GMS shall not be accepted after March 25, 2025. The designated banks, at their discretion, may offer short term bank deposits (STBD) under GMS. The MLTGD mobilised till March 25, 2025 shall continue till redemption as per the extant guidelines.

Climate Risks and Sustainable Finance

VI.24 During the year, the Reserve Bank continued to foster an ecosystem of sustainable and green finance, and comprehensive assessment of climate change risks, besides capacity building via conducting two workshops for the middle management level staff of the REs covering several aspects of climate risk mitigation and finance, risk assessment and management, scenario analysis and stress testing. The Reserve Bank also hosted the annual plenary and steering committee meetings of the Network for Greening the Financial System (NGFS) and organised a national level policy seminar on ‘Climate Change Risks and Finance’ for exchange of ideas between the various stakeholders.

Creation of Reserve Bank - Climate Risk Information System (RB-CRIS)

VI.25 In October 2024, the Reserve Bank announced the creation of RB-CRIS (data repository) to bridge data related gaps for undertaking climate risk assessments by REs. It is proposed to set up a web-based directory, listing various data sources, which will be publicly accessible on the Reserve Bank’s website, along with a data portal comprising datasets (i.e., processed data in standardised formats) accessible to the REs (Box VI.1).

Government Debt Relief Schemes (DRS)

VI.26 DRS generally entails funding by a fiscal authority to cover either part or the entire debt obligations of the borrower and may also cast obligations on lending institutions to sacrifice/ waive the remaining loan exposure. This has implications from a credit discipline standpoint and potentially creates moral hazard and prudential concerns, including delays in receipt of funds; mismatch between the claims admitted/ submitted by the REs and accepted by the government; and mandatory requirement to sanction fresh credit. Accordingly, a circular on government debt relief schemes was issued on December 31, 2024, containing, inter alia, the prudential treatment to be followed by the REs while implementing DRS. The circular also contains model operating procedure (MOP) for consideration of state governments while designing and implementing such schemes through a consultative approach and in line with the expectations of the stakeholders involved, including the government, lenders and borrowers.

Exposures of SCBs to NBFCs

VI.27 To address the concerns on post-COVID risk build-up in certain segments of consumer credit and NBFCs’ growing reliance on SCBs for funding, a circular was issued on November 16, 2023 which, inter alia, increased the risk weights by 25 percentage points for certain consumer credit exposures of SCBs and NBFCs. Additionally, risk weight on SCB’s exposure to NBFCs was increased by 25 percentage points in cases where the existing risk weight based on external ratings was below 100 per cent. On a review, vide a circular dated February 25, 2025, it was decided to restore the risk weight on SCBs funding to NBFCs to the risk weight associated with the given external rating of NBFCs (where the extant risk weight as per external rating of NBFCs is below 100 per cent).

Rupee Interest Rate Derivative Products - Small Finance Banks (SFBs)

VI.28 In order to provide greater flexibility and expand the avenues available for hedging interest rate risk in the balance sheet and commercial operations more effectively, SFBs were permitted to deal in permissible rupee interest rate derivative products.

Voluntary Transition of SFBs to Universal Banks

VI.29 On April 26, 2024, the Reserve Bank issued eligibility criteria for SFBs to transition into universal banks. The eligibility criteria require SFBs to have scheduled status, along with a satisfactory track record of performance for a minimum period of five years and its shares listed on a recognised stock exchange. Further, SFBs are required to have a minimum net worth of ₹1,000 crore as at the end of the previous quarter and meet their prescribed capital to risk-weighted assets ratio (CRAR) of 15 per cent. Moreover, they are mandated to have net profits in the preceding two financial years with gross non-performing asset (GNPA) and net non-performing asset (NNPA) ratios of less than or equal to 3 per cent and 1 per cent, respectively. Additionally, the eligible SFBs will be required to furnish a detailed rationale for the transition.

Formats of Financial Statements of Cooperative Banks

VI.30 The current format of the financial statements of cooperative banks was notified in 1981 under the Banking Regulation Act, 1949. Since then, there have been several developments in the financial market as well as accounting standards and practices. Accordingly, the Reserve Bank had undertaken a review of the format and released draft format on January 7, 2025 for public comments. The Reserve Bank is in the process of comprehensively reviewing the draft formats based on the comments/feedback received.

Forms of Business and Prudential Regulation for Investments

VI.31 In order to streamline the activities undertaken by banks and their group entities and provide more operational freedom to banks and non-operative financial holding companies (NOFHCs) for equity investments and setting up group entities, respectively, a draft circular on ‘Forms of Business and Prudential Regulation for Investments’ was placed on the Reserve Bank’s website on October 4, 2024, seeking feedback from stakeholders. Final guidelines would be issued based on the feedback received.

Harmonisation of Regulations Applicable to HFCs and NBFCs

VI.32 Post the transfer of regulation of HFCs from NHB to the Reserve Bank, various regulations have been issued treating HFCs as a category of NBFCs, duly considering their specialised nature. To ensure smooth regulatory transition, further harmonisation between the regulations of HFCs and NBFCs is being taken up in a phased manner. Accordingly, post a review, certain regulations of HFCs pertaining to deposit directions, diversification of activities, hedging avenues, technical specifications for account aggregator ecosystem and other miscellaneous regulations have been harmonised with NBFC regulations vide circular dated August 12, 2024, which became effective from January 1, 2025. Further, the guidelines on private placement of non-convertible debentures (NCDs) with maturity period of more than one year by HFCs were reviewed and have been completely aligned with NBFC regulations on the same vide circular dated January 29, 2025.

Submission of Information to Credit Information Companies (CICs) by ARCs

VI.33 With a view to align the CIC related guidelines for ARCs with the guidelines applicable to banks and NBFCs, and to maintain a track of borrowers’ credit history after transfer of loans by banks and NBFCs to ARCs, a circular on submission of information to CICs by ARCs was issued on October 10, 2024, the salient features of which include: (i) advising ARCs to become members of all four CICs; (ii) stipulating the submission of data by ARCs to CICs on a fortnightly basis or shorter intervals as agreed between the ARC and the CICs; (iii) prescription for rectification of rejected data within seven days of receipt of rejected data from CICs; and (iv) extension of best practices regarding regular submission/updation of data and customer grievance redressal to ARCs.

Guidelines on Settlement of Dues of Borrowers by ARCs

VI.34 Earlier guidelines on one-time settlement (OTS) of dues by ARCs, inter alia, required evaluation of all OTS proposals by an independent advisory committee (IAC) of professionals, followed by a review by the Board of Directors comprising at least two independent directors. Based on the feedback received, a comprehensive review of the OTS guidelines applicable to ARCs was undertaken and revised guidelines were issued on January 20, 2025, which, inter alia, prescribe that: (i) settlement should be done with the borrower after all possible ways to recover the dues have been examined and OTS is considered to be the best option available; (ii) settlement of accounts having aggregate outstanding value of more than ₹1 crore as well as of all accounts classified as fraud or wilful defaulter should be done after the proposal is examined by an IAC followed by a review by the Board of Directors comprising at least two independent directors; and (iii) settlement of accounts having aggregate outstanding value of less than ₹1 crore shall be done as per Board approved policy subject to the condition that any official who was part of the acquisition of the concerned financial asset shall not be part of processing/approving the OTS proposal of the same financial asset.

NBFC - Peer to Peer (NBFC-P2P) Lending Platform (Reserve Bank) Directions, 2017

VI.35 During the course of supervisory examinations, several concerns were observed in the operations of NBFC-P2Ps, which were not in conformity with the regulatory prescriptions. To ensure proper understanding of regulatory guidelines, certain clarifications were issued on August 16, 2024 which, inter alia, include: (i) lenders’ funds should not be deployed in any manner other than specified; (ii) funds of a lender should not be utilised for replacement of other lender(s); (iii) objective pricing policy and disclosure of the fees liable to be charged at the time of lending itself; such fees should be a fixed amount, or a fixed proportion of the principal amount involved in the lending transaction and should not be dependent upon the repayment by the borrower(s); (iv) funds transferred into the escrow accounts should not remain in the accounts for a period exceeding ‘T+1’ day, where ‘T’ is the date on which the funds are transferred to these escrow accounts; and (v) disclosure of the portfolio performance on the NBFC-P2P website in respect of losses borne by the lenders and non-performing assets (NPAs).

Wilful Defaulters and Large Defaulters

VI.36 The existing instructions on wilful defaulters were reviewed, taking into consideration various judgments/orders from the Hon’ble Supreme Court and Hon’ble High Courts, as well as feedback received from stakeholders. Subsequently, the final Master Direction was issued on July 30, 2024 after incorporating public comments received on draft Directions. The Master Direction serves as a comprehensive document delineating the regulatory framework and procedures for classification of borrowers as wilful defaulters. The guidelines are applicable to SCBs; scheduled UCBs; AIFIs; NBFC - Middle and above Layers as per the scale-based regulatory framework; non-scheduled UCBs falling under Tier 3 and 4 according to the revised regulatory framework; local area banks (LABs); and regional rural banks (RRBs). The process of classification of wilful defaulters has been refined by introducing disclosure of all materials and information on which show-cause notice is based; provision for written representation against the order of identification committee to the review committee; and a provision for personal hearing for the borrower by the review committee. For early detection of wilful default, review of all NPA accounts for identification of wilful default within six months of their classification as NPA has been prescribed. The Directions also provide clarity on the treatment of wilful default accounts subsequent to undergoing resolution under the IBC process or on loan assignment.

Credit Information Reporting

VI.37 The extant instructions on reporting of credit information issued to REs have been consolidated in a single direction to establish a standardised framework for reporting and dissemination of credit information, safeguarding the confidentiality and security of sensitive credit data, providing mechanisms for consumers to access their credit information and grievance redressal on the related matters. The Master Direction in this regard has been issued on January 6, 2025.

Enhancing Operational Risk Management and Operational Resilience

VI.38 To align the Reserve Bank of India’s regulatory guidance with the Basel Committee on Banking Supervision (BCBS) principles, viz., (a) revisions to the principles for the sound management of operational risk; and (b) principles for operational resilience (both issued in March 2021), a ‘Guidance Note on Operational Risk Management and Operational Resilience’ was issued on April 30, 2024. It provides overarching guidance to REs⁵ to strengthen their operational risk management framework and enhance their operational resilience enabling them to deliver critical operations even through disruption. It has been built on three pillars (consisting of 17 principles), viz., prepare and protect⁶, build resilience⁷, and learn and adapt⁸. The guidance note provides operational flexibility to ensure smooth implementation across REs of various sizes, nature, complexity, geographic location and risk profile of their business.

Review and Rationalisation of Prudential Norms – UCBs

VI.39 The Reserve Bank has, from time to time, prescribed various prudential norms for UCBs for enhancing their financial soundness and resilience. Some of these prudential norms have been issued with a view to reducing credit concentration risk, reducing exposures to sensitive sectors, and enhancing provisioning requirements for relatively riskier exposures. These norms, inter alia, include the stipulations relating to small value loans, exposure ceilings on housing and real estate loans, and provisioning requirements for investment in security receipts (SRs). With a view to rationalising these norms, and thereby allowing greater operational flexibility to UCBs without diluting the regulatory objectives, the above prudential norms have been reviewed vide circular dated February 24, 2025. The review includes increase in the dynamic and static upper limit of small value loans from 0.2 per cent of Tier-I capital to 0.4 per cent of Tier-I capital and ₹1 crore to ₹3 crore, respectively; rationalisation of aggregate exposure limits for housing loans to individuals with reference to total loans and advances instead of total assets and a stricter limit for real estate loans; enhanced monetary ceiling on individual housing loans for Tier-3 and Tier-4 UCBs; and further extension of the five year glide-path allowed to UCBs to provide for the valuation differential on the SRs held against the assets transferred by them to ARCs by additional two years till 2027-28.

Review of Risk Weights on Microfinance Loans

VI.40 As per circular on ‘Regulatory Measures Towards Consumer Credit and Bank Credit to NBFCs’ dated November 16, 2023, the risk weight on consumer credit, excluding housing, education, vehicle loans, and loans secured by gold was increased to 125 per cent. It has been decided, vide circular dated February 25, 2025, that the microfinance loans in the nature of consumer credit shall be risk weighted at 100 per cent. Other microfinance loans may be classified under regulatory retail portfolio (RRP) and assigned risk weight of 75 per cent, provided that the banks put in place appropriate policies to ensure fulfilment of the qualifying criteria of RRP. Further, all microfinance loans extended by RRBs and LABs shall attract a risk weight of 100 per cent.

Agenda for 2025-26

VI.41 During 2025-26, the Department will focus on the following key deliverables:

• Issuance of harmonised regulations on ‘Income Recognition, Asset Classification and Provisioning Pertaining to Advances’ to REs;

• Comprehensive review of all non-fund based contingent facilities issued by lending institutions;

• A draft regulatory framework for all forms of co-lending arrangements among REs was issued for public comments on April 9, 2025. Final guidelines would be issued post examination of the comments received;

• Framework for Securitisation of Stressed Assets: Discussion Paper was issued in January 2023, on which suggestions were received from the various stakeholders. Based on the same, the draft framework has been issued for public comments on April 9, 2025 and final guidelines are proposed to be issued post examination of the same;

• Draft guidelines on Expected Credit Loss (ECL) framework;

• The final phase of Basel III implementation: (a) Issuance of draft guidelines on Standardised Approach for credit risk; (b) Issuance of final guidelines on market risk; and (c) Updating Pillar 3 disclosure requirements in alignment with the Basel III framework of BCBS;

• Issuance of guidelines on standardised approach to counterparty credit risk (SA-CCR);

• Regulatory principles on model risk management;

• Issuance of prudential guidelines on climate risk for banks. This includes issuance of final guidelines on disclosure of climate related financial risks and guidance on climate scenario analysis and stress testing;

• Operationalisation of the data repository - Reserve Bank - Climate Risk Information System (RB-CRIS);

• Issuance of principles for effective management and supervision of climate related financial risks;

• Review of the framework for acceptance of green deposits;

• Guidelines on sustainability linked loans;

• Suitable guidelines to address mis-selling of financial products and services by REs (their own as well as third-party);

• Issuance of ‘Frequently Asked Questions (FAQs)’ on the Master Direction on know your customer (KYC);

• Review of regulations on internet and mobile banking for all banks;

• Differentiated regulatory framework for Type I – NBFCs, i.e, NBFCs without public funds and customer interface;

• Development of a platform namely ‘Regulatory Application Management System’ (RAMS) by the Department to undertake an end-to-end digital transformation of its internal processing of regulatory applications to ensure a life-cycle approach to regulation of any RE; and

• Consolidation of existing guidelines on regulatory matters into thematic Master Directions.

FinTech Department

VI.42 The FinTech Department is entrusted with the responsibility of fostering innovation in the FinTech ecosystem, while remaining vigilant and addressing the associated risks. The Department undertook several measures in pursuance of this mandate to fulfil the objectives set out for 2024-25.

Agenda for 2024-25

VI.43 The Department had set out the following goals for 2024-25:

• Expanding the scope of CBDC pilots to cover new use cases such as offline functionality, programmability, cross-border transactions and tokenisation of assets as well as new designs, technological considerations and more participants (Paragraph VI.44);

• Exploring commencing CBDC pilots on cross-border payments both on bilateral and multilateral basis to overcome key challenges related to turnaround time (TAT), efficiency and transparency, considering India being the world’s largest recipient of remittances (Paragraph VI.45);

• Launching full scale public tech platform [renamed as Unified Lending Interface (ULI)] with more financial institutions/data service providers and product offerings (Paragraph VI.46);

• Putting in place the framework for SRO(s) for the FinTech sector (Paragraph VI.47);

• Setting up a repository for capturing essential information about FinTechs and repository for tech-related activities by REs in order to effectively discern the developments in its ecosystem (Paragraph VI.48);

• Conduct of next global hackathon ‘HaRBInger 2024’ (Paragraph VI.49); and

• Testing innovative products/services and technology under sixth cohort of the regulatory sandbox (RS) [Paragraph VI.50].

Implementation Status

VI.44 The CBDC-R (e₹-R) pilot started with the initial use cases of person-to-person (P2P) and person-to-merchant (P2M) transactions. The Reserve Bank has since rolled out multiple pilots exploring offline and programmability features as well. The programmability use cases include direct benefit transfers to farmers against generation of carbon credits and loans to tenant farmers under kisan credit card (KCC) in select locations. Employee allowances for fuel/meal purposes are being implemented by banks. Under Subhadra Yojana of the state government of Odisha, e₹ has been used as a payment channel for around 88,000 beneficiaries so far. Discussions are underway with multiple central government Ministries and state governments for leveraging programmability feature of CBDC to transfer funds to beneficiaries with a defined end use.

VI.45 Bilateral cross-border CBDC pilots with select countries are being actively explored and progress has been made in finalisation of roadmap, technical aspects and use cases. The Reserve Bank’s participation in multilateral CBDC initiatives, particularly under the Bank for International Settlements (BIS) Innovation Hub, are also being considered.

VI.46 The development of ULI, previously called as Public Tech Platform for Frictionless Credit (PTPFC) and rechristened to ULI on August 26, 2024, was announced as part of the Reserve Bank’s Statement on Developmental and Regulatory Policies on August 10, 2023. The ULI pilot commenced on August 17, 2023. ULI is an enterprise-grade, open architecture platform which connects lenders and data service providers through a standardised, open application programming interface (API) framework operating on a plug-and-play model. By eliminating the need for multiple bilateral integrations by banks, ULI streamlines credit assessments and decision-making by enabling access to a diverse array of data. As on March 31, 2025 the Platform has recorded 44 lenders including banks and NBFCs, using over 60 data services for 12 loan journeys including KCC loans, digital cattle loans, MSME loans, etc. Based on the learnings and the positive response from stakeholders, the scope and coverage of the platform are being expanded to include more products, data providers and lenders.

VI.47 The Reserve Bank released a ‘Draft Framework for Recognising Self-Regulatory Organisation(s) for FinTech Sector’ on January 15, 2024, inviting comments and feedback from the stakeholders. Based on the inputs received and examination thereof, the ‘Framework for Recognising SRO(s) for FinTech Sector’ (SRO-FT framework) was finalised and released on May 30, 2024, which laid down the characteristics of a FinTech SRO, and includes, inter alia, functions and governance standards. Accordingly, applications were invited and FinTech Association for Consumer Empowerment (FACE) was recognised as SRO-FT vide press release dated August 28, 2024.

VI.48 With a view to gather information on the FinTech sector including the use of emerging technologies by traditional financial institutions, a ‘FinTech Repository’ was launched on May 28, 2024, to capture essential information about FinTech entities, their activities and technology stack. Simultaneously, a related repository for REs called ‘EmTech Repository’ was also launched to capture information on their adoption of emerging technologies such as artificial intelligence (AI), machine learning (ML), cloud computing, distributed ledger technology (DLT), etc. The FinTech and EmTech Repositories are secure web-based applications and are managed by the Reserve Bank Innovation Hub (RBIH).

VI.49 The Reserve Bank launched the third edition of its annual Global Hackathon – ‘HaRBInger 2024 – Innovation for Transformation’ – on June 7, 2024, focusing on two themes ‘Zero Financial Frauds’ and ‘Being Divyang Friendly’. The Hackathon received 534 proposals, of which 39 were received from teams outside India. An independent jury evaluated and selected the winners based on several parameters, including comprehensiveness, innovation, feasibility, scalability and compliance.

VI.50 The Reserve Bank has been operating the RS framework since 2019, under which four thematic cohorts⁹ have been announced and completed till date (Table VI.1). Under the fourth cohort, three entities were found viable. The fifth cohort which is theme neutral is currently underway. The On-Tap¹⁰ application facility under the RS is open for the closed themes.

Major Initiatives

Framework for Responsible and Ethical Enablement of AI (FREE-AI)

VI.51 Driven by rapid advances in computing power and the vast availability of digital data, AI and ML technologies have seen growing interest and significant progress in recent years, with financial institutions globally and domestically increasingly adopting these technologies. The Reserve Bank is exploring and implementing AI/ML-driven solutions in its own functions. The Reserve Bank has constituted an external committee in December 2024 comprising experts with a mandate to recommend a Framework for Responsible and Ethical Enablement of AI in the financial sector.

Global Conference on Digital Public Infrastructure (DPI) and Emerging Technologies

VI.52 As part of the celebrations of the 90th year of its establishment, the Reserve Bank organised a global conference on ‘Digital Public Infrastructure and Emerging Technologies’ during August 26-27, 2024 at Bengaluru. The Conference was attended by around 700 participants, including 81 distinguished delegates from 28 central banks and multilateral institutions such as World Bank, IMF, BIS Innovation Hub and European Central Bank (ECB).

VI.53 FinTech Department engages with FinTech ecosystem regularly through both structured and one to one basis, with a view to convey the policy initiatives, understand the new products/services, gather information on new innovations and identify areas which need solutions. This helps to chart out areas for policy support. During 2024-25, 486 interactions were conducted which included 22 structured group interactions. ‘Finquiry’ is an initiative that provides an opportunity for FinTechs to visit the FinTech Department at Mumbai for open enquiries and policy clarifications, while ‘Finteract’ is conducted across various cities on rotation, both at monthly intervals. Since April 2024, the Reserve Bank convened 12 structured interactions under ‘FinTeract’ covering over 965 representatives from FinTechs, and 10 open interactions were convened through ‘Finquiry’ (since June 2024) with over 300 participants. The Reserve Bank also launched an initiative named ‘FinKonnect’ in June 2024 aimed at providing a platform to connect successful entities from the RS and HaRBInger with the potential users of such solutions such as banks, NBFCs and separately with investors.

RBIH Initiative: AI/ML- based Solution to Identify Mule Bank Accounts (MuleHunter.ai™)

VI.54 In order to enable timely detection of mule accounts, RBIH has developed ‘MuleHunter. ai™’, a supervised ML model designed for near-real-time identification of mule accounts. The model leverages advanced AI/ML techniques to learn patterns of mule account activity from data, achieving higher accuracy as compared to the traditional systems. This solution is currently being tested and deployed in a few large public sector banks.

Agenda for 2025-26

VI.55 In 2025-26, the Department will focus on the following goals:

• Expand the scope and coverage of CBDC and introducing new use cases and features;

• Introducing business-to-customer (B2C) functionality in ULI;

• Scaling up ‘MuleHunter.aiTM’; and

• Prepare a framework for responsible and ethical adoption of AI in financial sector.

4. SUPERVISION OF FINANCIAL INTERMEDIARIES

Department of Supervision (DoS)

VI.56 The DoS is entrusted with the responsibility of supervising all SCBs (excluding RRBs), LABs, payments banks (PBs), SFBs, CICs, AIFIs, UCBs, NBFCs (excluding HFCs) and ARCs.

Commercial Banks

VI.57 The Department took several measures to further strengthen both onsite and off-site supervision of the SCBs, LABs, PBs, SFBs, CICs and AIFIs during the year.

Agenda for 2024-25

VI.58 The Department had set the following goals for 2024-25:

• Setting up of cyber range to augment cyber incident response capability of SCBs (Utkarsh 2.0) [Paragraph VI.59]; and

• To augment supervisory capabilities by a suite of SupTech data tools on micro-data analytics and other similar use cases using artificial intelligence and machine learning (Utkarsh 2.0) [Paragraph VI.60].

Implementation Status

VI.59 The approach to implementation of cyber range was re-strategised as per the requirement of the Reserve Bank’s Department of Information and Technology (DIT). The project is now set to be executed by Institute for Development and Research in Banking Technology (IDRBT) in coordination with DIT and DoS with the objective of enhancing synergies among the existing cyber drills conducted by IDRBT and other stakeholders. It is in advanced stage of finalising the implementation modalities.

VI.60 DoS has set up an Advanced Supervisory Analytics Group (ASAG) for increasing the use of techniques like AI/ML which has developed several advanced analytics models (microdata analytics, governance assessment model, social media monitoring model, fraud vulnerability index, borrowers’ vulnerability model and asset quality prediction model). The Department is in the process of developing more such models.

Other Initiative

Fraud Analysis

VI.61 An assessment of bank group-wise fraud cases over the last three years indicates that while private sector banks reported maximum number of frauds, public sector banks continued to contribute maximum to the fraud amount (Table VI.2). Frauds have occurred predominantly in the category of digital payments (card/internet) in terms of number and primarily in the loan portfolio (advances) in terms of value (Table VI.3). While card/internet frauds contributed maximum to the number of frauds reported by private sector banks, frauds in public sector banks were mainly in loan portfolio. The increase in the amount involved in the total frauds reported during 2024-25 over 2023-24 was mainly due to removal of fraud classification in 122 cases amounting to ₹18,674 crore reported during previous financial years and reporting afresh during the current financial year after re-examination and ensuring compliance with the judgement of the Hon’ble Supreme Court dated March 27, 2023.

Agenda for 2025-26

VI.62 The Department has set out the following goals for 2025-26:

• Strengthening of liquidity stress tests of SCBs by developing a cash flow analysis to ensure banks remain resilient during episodes of stress. The process would evaluate the potential impact of extreme but plausible scenarios on a bank’s liquidity position, ensuring it can meet obligations even during crises. It would provide forward-looking perspective and assess the stability of banks’ liquidity positions under adverse conditions. By identifying vulnerabilities and ensuring adequate liquidity buffers, stress testing would aid in ensuring resilience of banks, protect depositor interest and prevent systemic risks;

• Further strengthening the supervisory framework for PBs and SFBs;

• Digital services are important channels for servicing customers and ensuring resilience of the channels is of paramount importance. A framework will be devised with specific parameters for operational resilience of digital channels in REs;

• Issuance of guidelines on digital forensic readiness; and

• To provide a near-real-time view and analytics on the uptime of select digital services for the benefit of customers of banks, a dynamic online dashboard would be developed and the banks would be onboarded in a phased manner.

Urban Cooperative Banks (UCBs)

VI.63 The Department continued with its objective to monitor the performance of UCBs during the year and undertook measures for a safe and well-managed urban cooperative banking sector.

Agenda for 2024-25

VI.64 The Department had set out the following goal for supervision of UCBs in 2024-25:

• Strengthening the cyber/IT risks assessment (Paragraph VI.65).

Implementation Status

VI.65 A set of Level II UCBs¹¹ offering digital payment services have been advised to carry out gap assessment through Computer Emergency Response Team-India (CERT-In) empanelled auditors. UCBs have been utilising the services of third-party IT service providers (ITSPs) for various services such as for hosting servers in data centres, automated teller machine (ATM) switch, core banking solution (CBS), card management and mobile banking. To evaluate the cyber risk, pooled audit of three such common ITSPs was conducted by select UCBs through CERT-In empanelled auditor. Cyber security related instructions issued to UCBs have been consolidated and an updated framework is being finalised.

Other Initiatives

Risk-based Approach (RBA) for KYC/AML Supervision of UCBs

VI.66 The coverage of UCBs under RBA was aligned with the four-tiered regulatory framework and expanded to include Tier 3 and Tier 4 UCBs constituting around 60 per cent of the total deposit size of the sector.

Prompt Corrective Action (PCA) Framework for UCBs

VI.67 The Reserve Bank issued the guidelines on PCA framework for UCBs on July 26, 2024, superseding earlier instructions issued on supervisory action framework (SAF). The revised framework seeks to provide flexibility to design entity specific supervisory action plans based on the assessment of risks on a case-by-case basis. The provisions of the PCA framework will be effective from April 1, 2025. The PCA framework has been made applicable to all UCBs in Tier 2, Tier 3 and Tier 4, except UCBs under all-inclusive Directions¹². Tier 1 UCBs have been excluded from the PCA framework as of now; however, they will continue to be subjected to enhanced monitoring under the extant supervisory framework. Capital, asset quality and profitability are the key areas for monitoring in the revised PCA framework. The framework has been suitably harmonised with similar frameworks applicable for SCBs and NBFCs, with suitable modifications keeping in mind the underlying principle of proportionality. It is largely principle-based, with a fewer number of parameters as compared to the SAF, but ensuring sustenance of the supervisory rigour.

Agenda for 2025-26

VI.68 The Department has identified the following goals for supervision of UCBs in 2025-26:

• Review of risk-based approach (RBA) for KYC/AML supervision of select UCBs (Utkarsh 2.0);

• Examining the migration of UCBs to risk-based supervision (RBS); and

• Issuance of updated guidelines on cyber security framework.

Non-Banking Financial Companies (NBFCs)

VI.69 The Department continued to closely monitor the NBFCs (excluding HFCs) and ARCs registered with the Reserve Bank.

Other Initiative

Risk-based Approach (RBA) for KYC/AML Supervision of NBFCs

VI.70 Under RBA, the criterion to include NBFCs was reviewed and aligned with that of scale-based regulations. Accordingly, all upper layer NBFCs and those with an asset size above ₹5,000 crore in the middle layer are now covered.

Agenda for 2025-26

VI.71 The Department has identified the following goals for supervision of NBFCs in 2025-26:

• Review of RBA for KYC/AML supervision of select NBFCs (Utkarsh 2.0);

• As a thematic assessment, assessing adherence by REs to pricing guidelines prescribed vide extant regulations to ensure that the customers of such loans are not being charged exorbitant interest rates; and

• Examining the migration of NBFCs to risk-based supervision (RBS).

Supervisory Measures for All Supervised Entities (SEs)

VI.72 A unified DoS has been operationalised in which the supervision of banks, UCBs and NBFCs is being undertaken in a holistic manner under one umbrella Department.

Agenda for 2024-25

VI.73 The Department had set out the following supervisory goals for 2024-25:

• Examining information systems (IS) audit framework in REs (Paragraph VI.74);

• Examining data governance framework for REs (Paragraph VI.75);

• Developing data quality index (DQI) for offsite returns (Paragraph VI.76); and

• Deeper integration of offsite analytics with onsite supervision (Paragraph VI.77).

Implementation Status

VI.74 An IS audit sub-group under Standing Committee on cyber security was formulated with representation from industry, academia and experts from IS audit profession. The report of the sub-group has been finalised and the recommendations are being examined for appropriate action.

VI.75 Data governance aspects, including localisation and data privacy, are being examined by an internal inter-departmental group on data governance. While ‘The Digital Personal Data Protection Act’ was enacted in August, 2023, the rules related to the Act have not been framed, and the same will be examined before finalising the report of the sub-group.

VI.76 Supervisory DQI (sDQI) was developed to identify and address deficiencies in risk data aggregation capabilities and risk reporting practices across SEs. This sDQI model is used for assessing the quality of data submitted by SEs to DoS through various returns. The model generates SE-wise and aggregate sDQI scores each quarter. The movement in sDQI score is being monitored to identify improvement/decline in the quality of reporting by various SEs.

VI.77 A mechanism in the form of a feedback loop among various groups of the department is in place along with a structured framework for supervisory action.

Other Initiatives

Strategy to Strengthen KYC/AML Supervision of SEs

VI.78 The specialised KYC/AML risk assessment of SEs, implemented through the ‘Supervisory Assessment for KYC/AML Risks (SAKAR)’ framework in 2020, was further strengthened with increase in the coverage of the SEs under offsite risk assessment; inspection of SEs which were not previously subjected to onsite examination for KYC/AML/ Terrorist Financing (TF) risks; and carrying out thematic assessments on areas of emerging risks. The supervisory strategy has also been reoriented to identify the major deficiencies and areas of non-compliance, particularly in critical processes such as customer due diligence and transaction monitoring at the system level and to mitigate the KYC/AML/TF risks in a more focused manner through targeted assessments and close engagement with the SEs. Further, to utilise the supervisory resources in a more efficient manner, desktop assessments of smaller SEs have also been introduced.

Fraud Monitoring Returns and Return on Theft, Burglary, Dacoity and Robbery

VI.79 Commercial banks (excluding RRBs); NBFCs (excluding HFCs) in the upper layer, middle layer and base layer (with asset size of ₹500 crore and above); and UCBs are required to report incidents through returns on frauds and theft, burglary, dacoity and robbery on CIMS from November 18, 2024.

Cross-border Supervisory Cooperation

VI.80 During the year, the Reserve Bank proactively strengthened international supervisory cooperation by establishing and deepening formal relationships with authorities in key global jurisdictions. These efforts aim to enhance the stability of the financial system (Box VI.2).

Gold Loans

VI.81 In the backdrop of significant growth in gold loans in recent years, the Department of Supervision and Regulation jointly conducted a review of the adherence to prudential guidelines, as well as practices being followed by select SEs with regard to loans against pledge of gold ornaments and jewellery. The review and the findings of onsite inspection indicated several irregular practices such as: (i) shortcomings in the use of third parties for sourcing and appraisal of loans; (ii) valuation of gold without the presence of the customer; (iii) inadequate due diligence and lack of end use monitoring; (iv) lack of transparency during auction of gold ornaments and jewellery on default by the customer; (v) limitations in monitoring of loan-to-value (LTV); and (vi) incorrect application of risk-weights. The SEs have been advised vide circular dated September 30, 2024 to comprehensively review their policies, processes and practices on gold loans to identify gaps and initiate appropriate remedial measures in a timebound manner. The SEs have also been advised to closely monitor the portfolio and ensure that adequate controls are in place over outsourced activities and third-party service providers.

Cyber Security Related Measures for REs

VI.82 Cyber security continued to be assessed as a major operational risk. Cyber incident monitoring framework was updated and detailed guidance was provided to REs on reporting of cyber incidents. Thematic studies were carried out including on IT governance, third party IT service providers, comparative study on IT/ information system (IS) regulations to assess the relative areas and improve upon the existing risk mitigation measures. Advanced supervisory tools have been used to assess the SEs’ cyber resilience capabilities such as conduct of phishing simulation exercise. Frameworks on IS audit, forensic readiness and revised guidelines for cyber security for UCBs are being worked upon based on the updated risk environment.

Fraud Risk Management in REs

VI.83 The Reserve Bank issued the revised Master Directions on fraud risk management for REs on July 15, 2024. The revised Directions are principle-based and strengthen the role of the Board in overall governance and oversight of fraud risk management. Framework on early warning signals (EWS) and red flagging of accounts (RFA) has been further strengthened for early detection and prevention of frauds in the REs along with timely reporting to law enforcement agencies and supervisors. The Master Directions now explicitly require REs to ensure compliance with the principles of natural justice in a time-bound manner before classifying persons/entities as fraud, duly taking into account the Hon’ble Supreme Court judgment dated March 27, 2023. These Directions have also been made applicable to RRBs, rural cooperative banks and HFCs.

Agenda for 2025-26

VI.84 The Department has identified the following goals for supervision of all SEs in 2025-26:

• Review and issue of updated/harmonised regulatory instructions on statutory audit and concurrent audit in REs;

• Conducting detailed thematic reviews on select areas of cyber risks;

• Enhancing cyber resilience and capabilities of SEs through implementing recommendations of the inter-regulatory working group on uniformity in baseline cyber security guidelines of financial entities;

• Enhancing cyber mapping of financial systems and conduct of cross-sectoral and market-wide cyber crisis simulation exercises in a phased manner; and

• Enhance the existing framework for supervision of NBFCs in Base Layer.

Enforcement Department (EFD)

VI.85 The Enforcement Department was set up with a view to separate enforcement action from supervisory process and to put in place a structured, rule-based approach to identify and process violations by the REs of the applicable statutes and the directions issued thereunder, and to enforce the same consistently across the Reserve Bank. The objective of enforcement is to ensure compliance by the REs with the rules and regulations, within the overarching principles of financial stability, public interest and consumer protection.

Agenda for 2024-25

VI.86 The Department had set out the following goal for 2024-25:

• Based on a feasibility study, a Scale-based Framework for Enforcement would be put in place (Paragraph VI.87).

Implementation Status

VI.87 The Scale-based Framework for Enforcement is being reviewed on the basis of the feasibility study and the feedback received.

Major Developments

VI.88 During 2024-25, the Department undertook enforcement action against REs and imposed 353 penalties aggregating to ₹54.78 crore for contraventions/non-compliance¹³ with provisions of statutes and certain directions issued by the Reserve Bank from time to time (Table VI.4).

VI.89 With the objective of rationalising and consolidating enforcement action by the Reserve Bank, the enforcement related work (i.e., imposition of monetary penalty and compounding) under the Payment and Settlement Systems (PSS) Act, 2007 was transferred to the Department and the circular on framework for enforcement action under the PSS Act, 2007 has been issued on January 30, 2025.

Agenda for 2025-26

VI.90 During 2025-26, the Department proposes to achieve the following goal:

• Review the standard operating procedure (SOP) for enforcement action based on the experience gained (Utkarsh 2.0).

5. CONSUMER EDUCATION AND PROTECTION

Consumer Education and Protection Department (CEPD)

VI.91 The CEPD frames policy guidelines for effective grievance redress mechanism at the level of the REs; monitors the functioning of internal grievance redress mechanism of REs; administers ‘the Reserve Bank-Integrated Ombudsman Scheme, 2021’ (RB-IOS) through ombudsman offices; oversees the performance of the consumer education and protection cells at the regional offices; and creates public awareness on safe banking practices, extant regulations on customer service¹⁴ and protection, as also on the avenues for redress of customer complaints.

Agenda for 2024-25

VI.92 The Department had proposed the following goals for 2024-25:

• Improvement in the complaint management system to enhance support in lodging complaints and ensure greater consistency in decisions and outcomes (Utkarsh 2.0) [Paragraph VI.93];

• Development of consumer protection assessment matrix for REs (Utkarsh 2.0) [Paragraph VI.94];

• Strengthen internal grievance redress framework to encourage banks to take proactive measures to improve customer service (Paragraph VI.95);

• Conduct of survey to assess the reasons for the low level of complaints in the rural/semi-urban areas (Paragraph VI.96); and

• Review and rollout of reoriented nationwide intensive awareness programme (NIAP) based on feedback received from REs and Offices of RBI Ombudsman (ORBIOs) [Paragraph VI.97].

Implementation Status

VI.93 The Reserve Bank is collaborating closely with Reserve Bank Information Technology Pvt. Ltd. (ReBIT) to integrate artificial intelligence (AI) into the complaint management system in a phased manner. While phase I will introduce a conversational AI chatbot for the complainants, phase II will have more advanced features for processing the complaints.

VI.94 The Reserve Bank is developing a consumer protection assessment matrix (CoPAM) to assess the quality of customer protection provided by the REs. The pilot test of the model with respect to select banks is currently underway.

VI.95 The Reserve Bank had issued ‘Framework for Strengthening the Grievance Redress Mechanism in Banks’ in January 2021. The framework, inter alia, includes recovery of cost of redress of complaint from outlier banks to incentivise banks to strengthen their internal grievance redressal systems and to bring improvements in the quality of customer service. Based on the experience gained and feedback obtained, the framework is being reviewed to fine-tune the parameters, strengthen the mechanism and further nudge the concerned REs towards improving their internal grievance redress mechanisms.

VI.96 A survey has been undertaken to understand the reasons for the low level of complaints from the rural/semi-urban areas and assess the level of awareness in these areas, as also to provide inputs for geography/population specific awareness programmes. The findings of the survey are currently being analysed.

VI.97 The Reserve Bank had launched a month-long NIAP in November 2022, in collaboration with the REs, with focus on creating awareness in the hitherto unreached and isolated segments of the populations. Based on the feedback from all the stakeholders, the need was felt for sustaining consumer awareness efforts with a targeted approach on an ongoing basis. Accordingly, a systematic approach for augmenting awareness throughout the year has been initiated in January 2025.

Major Developments

Receipt of Complaints at ORBIOs

VI.98 During 2024-25, 2.96 lakh complaints were received at ORBIOs, compared to 2.93 lakh complaints during 2023-24, showing a marginal increase. Complaints were mainly received against banks, followed by NBFCs, non-bank system participants and CICs. Majority of these complaints pertain to loans/advances and digital banking products.

Awareness Initiatives

VI.99 The Reserve Bank of India Ombudsmen conducted 47 townhall meetings and 239 awareness programmes in 2024-25, with focus on specific groups such as students, senior citizen and women. Moreover, thematic multimedia campaigns on safe banking practices for Aadhaar enabled payment system (AePS), complaint lodging procedure and ‘Digital Arrest’ were conducted. Awareness booklets relating to safe banking practices were distributed in rural self-employment training institutes (RSETIs). The Reserve Bank is in the process of releasing animated short films depicting modus operandi of various frauds and safeguards to be exercised.

Agenda for 2025-26

VI.100 During 2025-26, the Department has identified the following goals to focus:

• Review of ‘Reserve Bank-Integrated Ombudsman Scheme, 2021’, including consumer education and protection cells, centralised receipt and processing centre, and contact centre (Utkarsh 2.0);

• Issuance of Master Direction on grievance redressal framework in REs; and

• Improve the complaint management system to better support the lodging of complaints and ensure greater consistency in decisions and outcomes (Utkarsh 2.0).

Deposit Insurance and Credit Guarantee Corporation (DICGC)

VI.101 The DICGC, a wholly owned subsidiary of the Reserve Bank established under the DICGC Act, 1961, administers the deposit insurance scheme in India, the objective of which is to protect depositors of banks and preserve public confidence in the banking system thereby contributing to financial stability. The deposit insurance scheme is mandatory for all banks (commercial and co-operative) that are licensed by the Reserve Bank. The number of registered insured banks stood at 1,982 as on March 31, 2025, comprising 139 commercial banks (including 11 SFBs, 6 PBs, 43 RRBs and 2 LABs) and 1,843 co-operative banks (1,457 UCBs, 34 StCBs and 352 DCCBs).

VI.102 The current coverage limit of deposit insurance is ₹5 lakh per depositor of a bank for deposit accounts held ‘in the same capacity and in the same right’¹⁵. As on September 30, 2024, the number of fully insured deposit accounts under the coverage limit was 286.9 crore (281.8 crore a year ago) which constituted 97.7 per cent (97.9 per cent a year ago) of the total number of accounts. In terms of value, the total insured deposits were ₹96,74,623 crore (₹90,32,340 crore in the previous year) which was 42.6 per cent (44.2 per cent in the previous year) of assessable deposits¹⁶. The reserve ratio (i.e., Deposit Insurance Fund/Insured Deposits) as on September 30, 2024 stood at 2.21 per cent (2.02 per cent in the previous year). Currently, the coverage limit is 2.5 times the GDP per capita in 2024-25.

VI.103 The DICGC levies banks a flat rate premium of 0.12 per cent per annum on the total assessable deposits for providing deposit insurance. During 2024-25, deposit insurance premium received was ₹26,764 crore, recording a y-o-y growth of 12.1 per cent.

VI.104 The DICGC maintains a Deposit Insurance Fund (DIF) for the settlement of claims of depositors of banks taken into liquidation/amalgamation or put under all-inclusive Directions. The Fund has been built up through transfer of the Corporation’s surplus, i.e., excess of income (mainly comprising premium received from insured banks, interest income from investments and cash recovery out of liquidation of assets of failed banks) over expenditure (payment of claims of depositors and related expenses) each year, net of taxes. During 2024-25, the total claims settled by the Corporation amounted to ₹476 crore, all of which were towards 43 UCBs liquidated/placed under all-inclusive Directions. The size of the DIF stood at ₹2,28,933 crore as on March 31, 2025 recording a y-o-y growth of 15.2 per cent over ₹1,98,753 crore as on March 31, 2024.

6. CONCLUSION

VI.105 The Reserve Bank undertook several measures to safeguard the financial system by further strengthening the regulatory and supervisory framework of banking and non-banking sectors in line with global best practices. Going forward, concerted efforts would be made, inter alia, towards rationalisation and harmonisation of regulations across regulated entities; issuance of prudential guidelines on climate risk for banks; preparing a framework for responsible and ethical adoption of AI in financial sector; strengthening of liquidity stress tests of SCBs; and also examining the migration of UCBs/NBFCs to risk-based supervision, besides strengthening cyber security and fraud detection mechanism. Further, fine-tuning the existing complaint management and grievance redress mechanism, including exploring the use of AI, would remain in focus.

¹ Export-Import (EXIM) Bank, National Bank for Agriculture and Rural Development (NABARD), National Housing Bank (NHB), Small Industries Development Bank of India (SIDBI) and National Bank for Financing Infrastructure and Development (NaBFID).

² Dark patterns are design interfaces and tactics used to trick users into desired behaviour.

³ Annex II of this Report provides a list of regulatory measures undertaken post public consultations during April 2022 to March 2025.

⁴ This sub section highlights the major circulars/guidelines issued by the DoR. Annex I of this Report provides a comprehensive department-wise chronology of policy announcements during April 2024 to March 2025.

⁵ Commercial banks, primary UCBs/State Cooperative Banks (StCBs)/ Central Cooperative Banks (CCBs), AIFIs and NBFCs (including HFCs).

⁶ Focussing on governance and operational risk management.

⁷ Consisting of areas such as business continuity, incident management and cyber security for ensuring delivery of critical operations in case of disruptions.

⁸ For the creation of a feedback loop through disclosures and lessons learnt exercises.

⁹ ‘Retail Payments’, ‘Cross Border Payments’, ‘MSME Lending’ and ‘Prevention and Mitigation of Financial Frauds’.

¹⁰ The Reserve Bank vide press release dated April 9, 2025 allowed ‘Theme Neutral’ applications as part of the ‘On-Tap’ facility under the RS.

¹¹ Please refer to the Reserve Bank’s circular on ‘Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) – A Graded Approach’ dated December 31, 2019 for definition of Level II UCBs.

¹² All-inclusive Directions are restrictions imposed by the Reserve Bank on banks in the public interest. These directions are issued under Section 35A of the Banking Regulation Act, 1949.

¹³ Illustratively, some of them include contravention of/violation related to Section 26A of Banking Regulation Act, 1949; Cyber Security Framework in banks; Exposure Norms and IRAC Norms; Reserve Bank of India [Know Your Customer (KYC)] Directions, 2016; Reserve Bank of India (Frauds Classification and Reporting by Commercial Banks and Select FIs) Directions, 2016; Reporting Information on CRILC; Submission of Credit Information to Credit Information Companies (CICs); Customer Protection-Limiting Liability of Customers in Unauthorised Electronic Banking Transactions; Director Related Loans; the Housing Finance Companies (NHB) Directions, 2010; and the Non-Banking Financial Company - Peer to Peer Lending Platform (Reserve Bank) Directions, 2017.

¹⁴ Annex III of this Report provides a list of customer centric measures undertaken during April 2022 to March 2025.

¹⁵ Deposit accounts are called so when the depositor has one or more types of deposit accounts and in one or more branches of a bank in his/her personal name. This also includes deposit held in the name of the proprietary concern where the depositor is the sole proprietor. If the depositor has deposit accounts in his/her capacity as a partner of a firm/guardian of a minor/director of a company/trustee of a trust/joint account, in one or more branches of the bank then such accounts are considered as held in different capacity and different right. In the case of joint accounts, if individuals open more than one joint accounts in which their names are not in the same order or group of persons are different, then the deposits held in these joint accounts are considered as held in the different capacity and different right.

¹⁶ Assessable deposits include all bank deposits except (i) deposits of foreign governments; (ii) deposits of central/state governments; (iii) inter-bank deposits; (iv) deposits received outside India; and (v) deposits specifically exempted by the corporation with prior approval of the Reserve Bank.