This article examines the key elements of RBI’s Master Directions on Fraud Risk Management, focusing on RFAs, EWS, staff accountability, and governance requirements.
Red Flagged Accounts (RFA)
A Red Flagged Account is identified when one or more Early Warning Signals indicate the possibility of fraudulent activity in a loan or credit facility. RBI mandates banks to put in place a **Board-approved framework** for the identification, monitoring, and review of EWS and RFAs.
The framework is overseen by the Risk Management Committee of the Board (RMCB), which periodically reviews alert mechanisms, trigger thresholds, investigation outcomes, and remedial measures. Once an account is red-flagged, banks are required to conduct a detailed examination through internal teams or external forensic auditors. Accordingly, loan documentation should contain suitable clauses permitting such investigations.
In cases where investigations remain inconclusive, banks must still take a reasoned decision on fraud classification based on available material and evidence, rather than allowing prolonged indecision.
Early Warning Signals (EWS)
Early Warning Signals serve as the foundation for RFA identification. RBI has outlined more than 45 indicative signals, including frequent changes in ownership or management, abnormal transaction patterns, diversion of funds, and delays in submission of financial statements.
The RMCB determines the materiality thresholds and escalation criteria for these signals to enable timely intervention, thereby preventing potential fraud from crystallizing. Banks are expected to monitor EWS through a combination of technology-driven systems and manual oversight, with senior management ensuring effective implementation across business verticals.
—
Staff Accountability Framework
RBI requires banks to initiate and complete staff accountability examinations in all fraud cases in a time-bound manner, in accordance with their internal policies. The revised framework moves away from rigid timelines prescribed under earlier guidelines and emphasizes prompt action based on case complexity.
The process involves identifying lapses or failures at various levels, initiating disciplinary proceedings expeditiously, and fixing responsibility wherever warranted. In cases involving third parties, banks must report details to the Indian Banks’ Association (IBA) for inclusion in caution or debarment lists.
For Public Sector Banks (PSBs) and All-India Financial Institutions (AIFIs), staff accountability is subject to closer scrutiny, with progress monitored by top management and, where applicable, by law enforcement agencies.
—
Governance and Regulatory Reporting
High-value fraud cases (₹1 crore and above) are reviewed by the Fraud Monitoring Committee (FMC) or an equivalent senior-level committee. The committee examines systemic weaknesses, progress of investigations, recovery efforts, and preventive controls.
Banks are required to report RFAs and confirmed frauds to the RBI and Law Enforcement Agencies (LEAs) within prescribed timelines. A senior executive, typically of the rank of General Manager, is designated to oversee fraud monitoring, reporting, and regulatory coordination to ensure full compliance with RBI instructions.
—
Implementation Best Practices
To strengthen fraud risk management frameworks, banks should consider the following best practices:
* Integrating EWS into core banking and digital platforms for real-time alerts
* Conducting regular staff training on RFA identification and accountability procedures
* Leveraging data analytics and pattern recognition tools to supplement manual reviews
Effective implementation of these measures enhances banks’ resilience against fraud, safeguards depositor interests, and contributes to overall financial system stability.
