FinTechFraud Monitoring System in an NBFC: A Step Towards Creating a Safer Economic Sector in India

February 24, 20230


A Non–Banking Financial Company (“NBFC’s”) is known as a company, which is indulged in providing financial services similar to banks such as, loans and advances, acquisitions of shares, debentures, stocks and other marketable securities without the need of possessing a banking license.

In India, Reserve Bank of India (“RBI”) acts as one of the crucial regulatory body governing financial sector in India. Therefore, any FinTech companies, which uses technology to automate and enhance procedure of providing financial services in an efficient and faster manner is required to be registered as an NBFC under Section 45-I of the Reserve Bank of India Act, 1934 (“RBI Act).

The advancement and growth in the Internet have brought various benefits into the day-to-day lives of individuals. However, growth and advancement in the Digitized economy have eventually resulted into a sharp increase of concerns. One such factor is causing people to become increasingly concerned: Cyber Fraud. In the past three years India has witnessed over 16 lakhs cases of Cyber Fraud.

The RBI considering the rapid growth of the FinTech market in India, higher risk appetite of NBFCs, which has enabled them to contribute to their size, complexity, interconnectedness with the financial system and making some of the entities systemically significant, posing potential threat to financial stability, has led to the introduction of Monitoring of Frauds in NBFCs (Reserve Bank) Directions, 2016 (“RBII Directions, 2016).


The Directions issued by the RBI, will be applicable on the following categories of NBFCs –

  • All Deposit taking NBFCs; and
  • Systemically Important Non-Deposit taking NBFCs.


The RBI in order to simplify the manner of identifying financial fraud and to weed out any possibility of delays in identification and reporting of such frauds by the employees have classified frauds in the following broad categories:

    • Misappropriation and criminal breach of trust;
    • Fraudulent encashment through forged instruments, manipulation of books of account or through fictitious accounts and conversion of property;
    • Unauthorized credit facilities extended for reward or for illegal gratification;
    • Negligence and cash shortages;
    • Cheating and forgery;
    • Irregularities in foreign exchange transactions;
    • Any other type of fraud not coming under the specific heads as above.

It is taken into consideration that there are instances where the borrower does not intend to defraud or cheat the lender but instead merely defaults on abiding by the procedure though mistake or negligence or due to insufficient funds.

Thus, the directions further clarify that where there is suspected fraud under the ‘Negligence and cash shortages’ category or the ‘Irregularities in foreign exchange transactions’ categories, in such cases the intention to cheat or defraud must be looked at before reporting the instance to the Central Fraud Monitoring Cell. Where the same is not the case, the instances should be treated as fraud and reported accordingly only when:

(a) Cases of cash shortages is more than Rs. 10,000/- and

(b) Cases of cash shortages is more than Rs. 5000/- if detected by management /auditor / inspecting officer and not reported on the occurrence by the persons handling cash.


1. On the basis of Quantum – 

The RBI vide the direction have even classified frauds on the basis of the quantum of the defrauded amount and lays out separate procedure and authorities for reporting.

a. In case of frauds over the quantum of Rs. 1 lakh but less than Rs. 1 Crore – 

In such cases of fraud, the report should be submitted in the form FMR – 1 to the Regional Office of the Department of Non-Banking Supervision of the Bank under whose jurisdiction the Registered Office of the applicable NBFC falls, within three weeks  form the date of detection of the fraud.

b. In case of frauds over the quantum of Rs. 1 Crore

In such cases of fraud, the NBFC shall report the fraud by means of a D.O. letter addressed to the Chief General Manager-in-charge, Department of Banking Supervision, Reserve Bank of India as well as the Frauds Monitoring Cell. Further, a copy must also be endorsed to the Chief General Manager-in-charge of the Department of Non-Banking Supervision, RBI. All these must be sent within a week of such frauds coming to the notice of the applicable NBFC.

2. Quarterly Reports and Annual Review of Frauds

The NBFC’s are supposed to update the authority on a regular basis on the status of frauds. Therefore, they are directed to submit a copy of the Quarterly Report on Frauds Outstanding in the format given in FMR – 2 to the Regional Office of the Bank within 15 days of the end of the quarter.

Such report shall be divided in 3 Parts.

    • Part A is supposed to cover the details of frauds outstanding as at the end of the quarter
    • Part ­B should contain all the category-wise details of the frauds during the quarterly year.
    • Similarly, Part C of the report should contain all the perpetrator-wise details of frauds reported during the quarter.

The RBI wants to ensure that besides identification, there should also be action taken against the fraudsters and thus case-wise quarterly progress reports on frauds involving Rs. 1 lakh and above in the format given in FMR – 3 are also required to be submitted within 15 days of the end of the quarter.

Thus, the Directions also contain strict procedure for closing of cases of Fraud and they are allowed only where the actions are complete and prior approval is obtained from the respective Regional Offices of Department of Non-Banking Supervision (DNBS).

3. In case of Attempted Fraud

In an attempt to strengthen mechanisms and take punitive actions on even attempted fraudsters the NBFC’s are directed to report even those attempted frauds involving Rs. 25 lakhs to the Audit Committee. The report containing attempted frauds which is to be placed before the Audit Committee of the Board.

The report containing attempted frauds which is to be placed before the Audit Committee of the Board should cover inter alia the following viz;

• The modus operandi of the attempted fraud;

• How the attempt did not materialize in the fraud or how the attempt failed / was foiled;

• The measures taken by the applicable NBFC to strengthen the existing systems and controls;

• New systems and controls put in place in the area where fraud was attempted;

Further, on March 31st of every year an yearly review must be submitted of the cases (of attempted fraud) detected through the year as well as the abovementioned list of details of such cases.

In order for the effective submission of the reports and review’s specified under these Directions the NBFC’s have been directed to nominate an official of the rank of General Manager or equivalent submitting all the returns to the Bank.

4. Reporting Frauds to Police 

The NBFCs in cases of fraud/embezzlement, should not merely be act merely because of the necessity of recovering the amount involved, but should also be motivated by public interest and the need for ensuring that the guilty persons do not go unpunished.

Therefore,  NBFCs in the following cases should invariably approach State Police:

    • Cases of fraud involving an amount of Rs. 1 lakh and above, committed by outsiders on their own and/or with the connivance of applicable NBFCs staff/officers;
    • Cases of fraud committed by employees of applicable NBFCs, when it involves the NBFC funds exceeding Rs. 10,000/-


The Directions issued by the RBI are aimed towards establishing a robust fraud monitoring system in an NBFC in order to ensure that such NBFCs have in place a system to take preventive steps to safeguard NBFCs from Fraudulent activities and protect the interest of its consumers.

The Directions issued by the RBI provide stringent guidelines to be followed by the NBFCs to prevent fraudulent activities, by establishing a detailed Fraud Risk Management system in conjunction with a reconciliation mechanism which identifies and blocks suspicious transactions.

The Directions are likely to enhance the security and stability of NBFCs, as proper implementation of the guidelines prescribed will ensure reduced occurrence of various risks associated with Cyber Frauds.


NBFC’s are an essential part of the functioning of the modern society in India, as it enables low net worth individuals from rural backgrounds and small businesses without cash flow or property worth keeping as security to avail financial aid and thus are an essential part in India’s journey towards financial inclusion.

The Directions issued by the RBI are a much-needed positive move to ensure NBFCs have in place a comprehensively framed Fraud Monitoring system to ensure that in case of any adverse/fraudulent transaction is detected an appropriate actions can be taken. The vividly described fraud monitoring process under these Directions is expected to minimize the frauds in NBFCs.

However, it must be made sure that the abidance to these rules are not merely followed in letter but in spirit as well, the nature of financial fraud being a intrinsically technical means that fraudsters would come up with yet inventive ways to overcome the checks and balances put in place by these Directions and thus the Managers, staff and regulatory bodies must take a more proactive role in oversight in the operations of the NBFCs.

– Team AMLEGALS, assisted by Mr. Jason James


For any query or feedback, please feel free to get in touch with or

© 2020-21 AMLEGALS Law Firm in Ahmedabad, Mumbai, Kolkata, New Delhi, Bengaluru for IBC, GST, Arbitration, Contract, Due Diligence, Corporate Laws, IPR, White Collar Crime, Litigation & Startup Advisory, Legal Advisory.


Disclaimer & Confirmation As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise. By clicking on the “I AGREE” button below, user acknowledges the following:
    • there has been no advertisements, personal communication, solicitation, invitation or inducement of any sort whatsoever from us or any of our members to solicit any work through this website;
    • user wishes to gain more information about AMLEGALS and its attorneys for his/her own information and use;
  • the information about us is provided to the user on his/her specific request and any information obtained or materials downloaded from this website is completely at their own volition and any transmission, receipt or use of this site does not create any lawyer-client relationship; and that
  • We are not responsible for any reliance that a user places on such information and shall not be liable for any loss or damage caused due to any inaccuracy in or exclusion of any information, or its interpretation thereof.
However, the user is advised to confirm the veracity of the same from independent and expert sources.