The ₹97.4 crore embezzlement at Ajanta Urban Cooperative Bank didn't happen overnight. It unfolded over seventeen years—from 2006 to October 2023—through false accounts, forged records, and unsecured loans orchestrated by the CEO, directors, and chairman in collusion. Most damning: RBI's 2021-22 inspection flagged the irregularities. The warnings were ignored. Arrests followed only after the bank's complete collapse.
This isn't an isolated failure. UCBs reported 972 fraud cases worth ₹221 crore between FY2014-15 and FY2018-19 (per RBI RTI data), with the frequency and value escalating sharply—181 cases totaling ₹127.7 crore in FY2018-19 alone. Across the banking sector, reported fraud amounts rose sharply in FY2024-25, driven in part by reclassification of legacy cases.
RBI's response has been unequivocal. The Master Directions on Fraud Risk Management in UCBs, StCBs, and CCBs issued on July 15, 2024 (DoS.CO.A&OB.No.BC.81/21.01.003/2024-25) supersedes all prior guidelines and establishes a comprehensive framework that no UCB executive can afford to ignore. In FY25 alone, RBI imposed ₹54.78 crore in penalties on 353 entities for violations including fraud classification and reporting lapses—with UCB-specific fines ranging from ₹2.5 lakh (Noida Commercial Co-op Bank) to ₹7 lakh (Urban Co-op Bank Ltd., Budaun).
This article provides UCB CEOs, CROs, HIAs, and Compliance Heads with the definitive framework for fraud prevention, detection, and regulatory compliance under the current regime.
Understanding the Fraud Landscape: Classifications Under RBI's July 2024 Master Directions
The July 2024 Master Directions establish eight distinct fraud categories that UCBs must understand for proper classification and reporting:
| **Fraud Category** | **Description** | **Common UCB Manifestation** |
|---|---|---|
| Misappropriation & Criminal Breach of Trust | Dishonest misappropriation of property or conversion by persons entrusted with property | Staff diverting depositor funds, unauthorized withdrawal from dormant accounts |
| Fraudulent Encashment | Forged instruments, fictitious accounts | Encashing cheques through fake beneficiary accounts, manipulated demand drafts |
| Unauthorized Credit Facilities | Extending credit for illegal gratification | Sanctioning loans to ineligible borrowers for personal benefit |
| Negligence & Cash Shortages | Wilful negligence causing pecuniary loss | Persistent cash shortages attributed to "accounting errors" |
| Cheating & Forgery | Use of forged documents to deceive | Loan disbursement against fabricated collateral documents |
| Foreign Exchange Irregularities | Manipulation of forex transactions | Applicable to UCBs with AD licence—irregular remittance processing |
| Fraudulent Stock Manipulation | Removal or inflation of pledged stocks | Hypothecated inventory removed or overstated in working capital accounts |
| Digital & Electronic Banking Fraud | Unauthorized electronic transactions | UPI fraud, internet banking breaches, card-not-present fraud |
Critical Insight: The Ajanta UCB case combined multiple categories—fraudulent encashment through false accounts, unauthorized credit facilities via unsecured loans, and systemic cheating through forged records. The collusion between top management circumvented controls designed for individual perpetrators, highlighting why Board-level oversight mechanisms are essential.
RBI Reporting Requirements: Timelines, Thresholds, and Accountability
The July 2024 Master Directions establish non-negotiable reporting obligations. Failure attracts both penalties and personal accountability for staff responsible for delays.
Mandatory Fraud Monitoring Returns
FMR-III (Immediate Reporting):
- All frauds, regardless of amount, must be reported via FMR-III within 14 days of classification
- No minimum threshold—a ₹5,000 fraud demands the same reporting discipline as a ₹5 crore fraud
- Progress reports continue until case closure
FMR-IV (Quarterly Reporting):
- Specific to theft, burglary, dacoity, or robbery
- Due within 15 days of quarter-end
- Covers physical security breaches even where no fraud in the conventional sense occurred
Law Enforcement Agency Reporting
UCBs must lodge complaints with law enforcement agencies (LEAs) promptly upon fraud detection. The Master Directions require banks to file complaints with police/LEA for investigation regardless of amount, with timely updates to RBI on the progress of such complaints.
Staff Accountability Framework
The Master Directions explicitly mandate fixing staff accountability for:
- Delays in fraud identification
- Delays in reporting to RBI
- Incorrect fraud classification
- Naming uninvolved parties in fraud reports (explicitly prohibited)
Practical Implication: When RBI inspectors find reporting delays, they will not accept "process gaps" as explanation. The Directions require UCBs to identify and hold accountable specific individuals responsible for the delay.
Internal Controls Architecture: Beyond Maker-Checker
While maker-checker segregation forms the foundation, the July 2024 Master Directions mandate a comprehensive internal control architecture.
Board-Approved Fraud Risk Management Policy
Every UCB must maintain a Board-approved Fraud Risk Management Policy that integrates:
- Maker-Checker Segregation: Mandatory dual controls preventing single-person transaction completion
- Internal Audit Framework: Risk-based internal audits covering all high-risk areas
- Special Board Committees: Dedicated committee for fraud monitoring and oversight
- Concurrent Audit Requirements: Must be contemporaneous—real-time or near-real-time—not monthly rituals
- High-risk areas (loans, KYC, large-value transactions) reviewed within 24-48 hours
- Audit observations escalated immediately, not batched for monthly reports
- Auditor physically present during critical processes, not reviewing documentation retrospectively
- ☐ Board-approved Fraud Risk Management Policy in place (updated post-July 2024)
- ☐ Special Board Committee for fraud monitoring established with clear terms of reference
- ☐ Policy reviewed and approved annually by Board
- ☐ Fraud risk integrated with overall risk management framework
- ☐ All financial transactions require dual authorization
- ☐ System-enforced controls prevent same user from initiating and approving
- ☐ Maker-checker extends to non-financial master data changes (customer details, interest rates)
- ☐ Exception reports generated for any control overrides
- ☐ Risk-based internal audit plan covering all branches and departments
- ☐ Audit Committee of Board reviews all audit findings quarterly
- ☐ Long-form internal audit conducted annually (not just concurrent audits)
- ☐ EDP/IS audit conducted for all technology systems
- ☐ Concurrent auditor reviews transactions within 48 hours of occurrence
- ☐ High-risk areas (loans, KYC, large cash transactions) prioritized
- ☐ Observations escalated immediately to management
- ☐ Concurrent audit does not substitute for internal audit
- ☐ FMR-III submission process documented with clear responsibility matrix
- ☐ FMR-IV quarterly submission calendar established
- ☐ Staff accountability framework documented for reporting delays
- ☐ LEA reporting thresholds understood and process documented
- ☐ Staff trained on fraud identification and reporting obligations
- ☐ Fraud classification criteria documented with examples
- ☐ Previous fraud cases analyzed and lessons documented
- ☐ Whistle-blower mechanism in place and communicated to staff
- Unusual transaction patterns (sudden volume spikes, off-hours activity)
- Transactions inconsistent with customer profile
- Frequent just-below-threshold transactions (structuring indicators)
- Circular movement of funds between related accounts
- Deterioration in financial ratios not triggering formal NPA classification
- Frequent request for ad-hoc limits or covenant waivers
- Delay in submission of stock statements or financial information
- Reduction in operations through the account while facilities remain utilized
- Negative market intelligence or media reports
- Staff reluctance to take leave (classic embezzlement indicator)
- Customer complaints about unauthorized transactions
- Frequent reconciliation differences
- Override of system controls
- EWS findings feed into credit risk assessment
- Persistent red flags trigger enhanced due diligence
- Board Committee reviews EWS effectiveness quarterly
- False positive rates tracked to calibrate alert thresholds
- Does the internal audit plan cover all areas, or are certain branches/functions perpetually deferred?
- Are audit findings tracked to closure with evidence of remediation?
- Is the internal audit function independent of operations?
- Review timing of concurrent audit observations versus transaction dates
- Check whether concurrent audit is contemporaneous or merely labeled as such
- Examine whether high-risk areas receive proportionate coverage
- For UCBs with digital banking: has CERT-In audit been conducted?
- Are third-party IT providers (core banking system vendors) subject to pooled audits?
- Are IT general controls (access management, change management) tested?
- Independent verification of investment holdings
- Valuation methodology compliance
- Segregation of front-office and back-office functions
- Are meetings held with prescribed frequency?
- Do minutes reflect substantive discussion or rubber-stamping?
- Are audit findings escalated appropriately?
- System demonstration of dual authorization
- Exception reports and how overrides are handled
- Coverage of maker-checker across transaction types
- For Tier 3/4 UCBs: evidence of formal EWS framework
- Review of signals generated and actions taken
- Integration with credit monitoring
- Documentation of accountability fixed in past fraud cases
- Process for identifying delays in fraud detection/reporting
- Evidence that uninvolved staff are not named in fraud reports
- Sample review of fraud cases for correct categorization
- Consistency between internal classification and FMR submissions
- Timeliness of classification decisions
- Conduct gap assessment against the checklist above
- Address critical control gaps within 30 days (document the remediation)
- Prepare documentation files for each focus area
- Brief all relevant staff on likely queries and expected responses
- Review previous inspection findings and evidence of compliance
- CERT-In audits mandatory for UCBs offering digital services
- Pooled audits of third-party IT providers (core banking, payment switches) mandated
- Enhanced scrutiny of cyber security controls
- RBI's February 2026 Statement proposes customer compensation up to ₹25,000 for small-value frauds—shifting liability assumptions
- Enhanced digital payment safety measures including lagged credits and additional authentication factors
- Consolidated cybersecurity framework expected to bring UCB-specific requirements
- Tone at the Top: Board commitment to fraud prevention as strategic priority, not compliance checkbox
- Investment in Controls: Maker-checker, concurrent audit, EWS—these require resources, technology, and skilled personnel
- Culture of Accountability: Swift action when controls are bypassed, reporting delays occur, or red flags ignored
- Continuous Improvement: Learning from industry cases, updating controls as fraud methods evolve
The Concurrent Audit Reality Check
RBI inspectors increasingly scrutinize whether concurrent audits are genuinely concurrent. A common compliance gap: UCBs conduct monthly "concurrent" audits that review transactions weeks after occurrence. This defeats the purpose.
What "Contemporaneous" Means:
Fraud Prevention Action Checklist for UCBs
Use this checklist to assess your current fraud prevention framework:
Policy & Governance
Maker-Checker Controls
Internal Audit
Concurrent Audit
Reporting Readiness
Documentation & Training
Early Warning Systems: Mandatory Framework for Tier 3 & 4 UCBs
The July 2024 Master Directions mandate Early Warning Signal (EWS) frameworks for Tier 3 and Tier 4 UCBs, as well as StCBs and CCBs with deposits exceeding ₹1,000 crore.
What EWS Must Cover
The framework must enable proactive fraud detection through systematic monitoring of:
Transaction-Level Red Flags:
Borrower Behavior Red Flags:
Operational Red Flags:
EWS Integration Requirements
The Directions require EWS to integrate with overall risk management—not operate as a standalone system. This means:
Proportionality Principle: Tier 1 and 2 UCBs (deposits below ₹1,000 crore) are not mandated to implement formal EWS frameworks. However, the prudent approach—given penalty trends and the Ajanta UCB example—suggests implementing basic red-flag monitoring regardless of regulatory mandate.
What RBI Inspectors Will Specifically Examine
Understanding the inspection focus areas allows UCBs to prepare effectively. Based on the July 2014 Master Circular on Internal Audit (still operative for audit standards) and the July 2024 Fraud Master Directions, inspectors will examine:
Primary Focus Areas
1. Internal Audit Effectiveness
2. Concurrent Audit Reality
3. EDP/IS Audit
4. Investment Portfolio Review
5. Audit Committee of the Board
Fraud-Specific Inspection Points
6. Maker-Checker Controls
7. EWS/Red Flag Monitoring
8. Staff Accountability
9. Fraud Classification Accuracy
Pre-Inspection Preparation Window
UCBs typically have 2-4 weeks notice before inspection. Use this window to:
Looking Ahead: 2025-26 Regulatory Trajectory
The fraud prevention landscape continues to evolve. Key developments UCB executives should monitor:
Already in Force (FY25)
Proposed for FY26
Strategic Implications
The regulatory direction is clear: fraud prevention is shifting from reactive detection to proactive prevention, with increasing personal accountability for delays and lapses. The compensation proposals signal that UCBs may bear direct financial liability for customer fraud losses—making prevention economically imperative, not just compliance-driven.
Building a Fraud-Resilient UCB
The Ajanta UCB collapse wasn't caused by sophisticated external attackers. It was internal—collusion at the highest levels, enabled by weak controls and ignored warning signs. The ₹97.4 crore loss and ultimate bank failure were preventable.
The July 2024 Master Directions provide the framework. Implementation requires:
For UCB executives navigating these requirements, the complexity lies not in understanding what the regulations require, but in implementing them effectively within the constraints of cooperative banking—limited budgets, legacy systems, and boards with varying levels of technical expertise.
NexlyAdvisory works exclusively with Urban Cooperative Banks to design and implement fraud prevention frameworks aligned with RBI's July 2024 Master Directions. Our services include fraud risk policy drafting, internal audit effectiveness reviews, EWS framework design, and pre-inspection readiness assessments. For a confidential discussion on strengthening your UCB's fraud prevention architecture, reach out to our advisory team.
This article is for informational purposes and does not constitute legal or regulatory advice. UCBs should consult the full text of referenced RBI circulars and seek professional guidance for specific compliance questions.
Need help with fraud prevention at your UCB?
NexlyAdvisory provides specialist advisory and the AEGIS platform exclusively for Urban Cooperative Banks. Book a free 30-minute consultation to discuss your specific situation.
Book a Free Consultation