Compliance Co-pilot — turn any RBI circular into an action plan

Step 1 — check eligibility & form. CDs may be issued only by the categories of banks and select all-India financial institutions permitted by the RBI, and only in dematerialised form. They are issued in a minimum size and in multiples set by the Directions — verify the current minimum and step size on the official source before printing a term sheet.

Step 2 — set tenor & pricing. A CD is issued at a discount to face value (or on a floating-rate basis) for a tenor inside the permitted band for the issuer type. It is freely transferable, with no minimum holding period or lock-in on transfer — the discount yield must reflect that liquidity and the issuer’s short-term funding cost.

Step 3 — maintain reserves & respect the buy-back / loan limits. The outstanding CD is a liability that attracts the applicable CRR / SLR maintenance like other liabilities. Loans against CDs and an issuer buying back its own CDs before maturity are restricted — permitted only on the conditions in the Directions, so treat both as exceptions to clear with treasury & compliance, not as routine.

Step 4 — report & conduct. Complete subscriber KYC / customer due diligence, disclose all terms transparently, and report the issuance and secondary trades on the prescribed reporting platform within the required window. Keep the ISIN, settlement and transfer trail clean — a CD is an audited market instrument, not a back-office deposit.

Step 1 — choose the assessment method. For smaller limits the turnover method (limit set as a share of projected annual turnover, net of the borrower’s own margin) is common; for larger limits the banker assesses the working-capital gap (current assets minus other current liabilities) under the permissible-bank-finance approach. Pick the method that matches the limit size and segment, and document the projections.

Step 2 — fix drawing power and margin. The CC limit is operated against a drawing power derived from paid-for stock and eligible book debts after applying the prescribed margins, and refreshed from periodic stock and receivables statements. Exclude unpaid stock, slow-moving inventory and overdue or ineligible receivables — drawing power, not the sanctioned limit, caps what can actually be drawn.

Step 3 — security, pricing & review. Take hypothecation of current assets as primary security plus collateral as required; price against the bank’s external benchmark lending rate (EBLR); and review the limit at least annually. Under consortium or multiple-banking arrangements, share borrower information with the other lenders as required.

Step 4 — monitor conduct & asset classification. Watch for continuous operation of the account. An account that stays in excess of the sanctioned limit / drawing power, or where interest is not serviced, turns irregular and — beyond the prescribed period — slips to NPA under the IRAC norms. Keep stock statements, end-use evidence and reporting current.

Step 1 — identify the counterparty & the connected group. Map who is really being lent to. Companies under common control or with strong economic interdependence are treated as a single group of connected counterparties, so the two group companies’ exposures are added together — you measure the limit against the group, not each entity in isolation.

Step 2 — total the exposure value. Sum every on- and off-balance-sheet claim: funded loans, plus the credit-equivalent of non-fund-based lines (an LC / bank guarantee converts in via its credit-conversion factor) and derivative / investment exposures. Apply any eligible credit-risk-mitigation the framework recognises before comparing to the ceiling.

Step 3 — test against the ceilings. Express the total as a percentage of the bank’s eligible capital base (Tier 1 capital) and check it against the single-counterparty ceiling and the higher connected-group ceiling set by the RBI. Specific exemptions (for example certain sovereign and central-counterparty exposures) sit outside the cap — confirm the current percentages and the exemption list on the official source before you commit.

Step 4 — if it breaches, restructure or report. If the new facility would push the group over the ceiling, the options are to resize or syndicate it (share the exposure with other lenders, e.g. via the co-lending or a consortium route), decline the increment, or use risk transfer. A breach that does occur must be reported to the RBI and brought back within limits — build the headroom check into the sanction, not the post-mortem.

Step 1 — establish eligibility & the underlying export. Verify a firm export order or letter of credit, the exporter’s KYC and track record, and that the goods/services are eligible. Export credit is a purpose-tied facility sanctioned against evidence of a genuine export — and counts toward priority-sector lending within the prescribed limits.

Step 2 — sanction pre-shipment (packing credit). Provide working capital to procure, process and pack the goods, against the order / LC, with a margin and a defined liquidation period. Choose rupee packing credit or foreign-currency packing credit (PCFC) — the latter gives a natural currency hedge against the export receivable. The advance must be liquidated by the export proceeds, not rolled into general working capital.

Step 3 — convert to post-shipment credit on shipment. Once goods ship, the pre-shipment advance is liquidated by post-shipment finance — negotiation / purchase / discount of export bills, or advance against bills sent on collection — up to the normal transit and credit period, so the exporter is paid while the overseas buyer is still to remit.

Step 4 — monitor realisation, interest & classification. Track receipt of export proceeds within the permitted realisation period; unrealised or overdue export bills attract higher provisioning and can affect classification under the IRAC norms. Keep shipping documents, end-use evidence and the order-to-realisation trail current, and file the prescribed export-monitoring returns.

Step 1 — appraise the project & fix the means of finance. Establish technical and commercial viability (a techno-economic viability study for larger projects), then fix the project cost and the means of finance — promoter equity plus debt — so the debt-equity gearing is prudent and the promoter has real skin in the game. The term loan funds the asset, not day-to-day working capital.

Step 2 — test debt-servicing capacity (DSCR). Project the cash flows over the loan life and compute the debt service coverage ratio — cash available for debt service against interest plus principal due each year. A comfortable average and minimum DSCR (well above 1.0) is the core repayment test; stress it for cost overrun, delay and demand shortfall before sanction.

Step 3 — structure moratorium, tenor & repayment. Allow a moratorium covering construction and ramp-up, set a tenor matched to the asset’s economic life, and build a repayment schedule (often stepped/ballooned to the cash-flow profile). Take the financed assets as primary security plus collateral and guarantees as required, and price against the bank’s external benchmark lending rate (EBLR).

Step 4 — disbursement, end-use & asset classification. Disburse in tranches against verified project milestones, monitor end-use, and track the date of commencement of commercial operations (DCCO). Watch for instalment / interest overdues: beyond the prescribed period the account slips to NPA under the IRAC norms, and DCCO deferral has its own restructuring/asset-classification treatment.

Step 1 — confirm eligibility & that the loan is genuinely collateral-free. Check the borrower is an eligible micro / small enterprise and the facility falls within the guarantee scheme’s eligible-activity and limit conditions. The defining feature is that no collateral security or third-party guarantee is taken for the covered portion — the credit guarantee substitutes for the security. The exposure typically also counts toward priority-sector targets.

Step 2 — appraise on cash flows, then lodge the guarantee. With no collateral to fall back on, appraisal rests on the unit’s viability and cash flows. Sanction on merit, then enrol the account with the guarantee Trust within the prescribed window and pay the guarantee fee so the cover is validly in force from the start.

Step 3 — price, document & service. Price the facility against the bank’s external benchmark lending rate (EBLR) (the guarantee fee is a separate cost), document the covered limit, and run the account — periodic renewal of the cover and reporting per the scheme keep the guarantee live for the whole tenor.

Step 4 — on default: classify, then invoke the guarantee. An overdue account still slips to NPA under the IRAC norms exactly as a secured loan would — the guarantee does not change asset classification. After classification the bank invokes the guarantee within the scheme’s timeline to claim the covered share of the loss, while continuing recovery on the balance. Missing an enrolment, renewal or claim deadline can void the cover, so build those dates into the monitoring calendar.

Step 1 — verify ownership, assay & value the gold. Confirm the pledger’s ownership, assay the purity, and value only the gold content of the ornaments (excluding stones, gems and the making charge) on the prescribed valuation basis. The valuation is the denominator for the LTV test, so a standardised, auditable assaying process is the foundation of the whole facility.

Step 2 — size the loan within the regulatory LTV ceiling. Advance only up to the regulator-set LTV ceiling on the valued gold — the ceiling is fixed by the RBI, so confirm the current figure on the official source rather than assuming it. For a bullet-repayment structure remember that accrued interest also counts toward the exposure, so size conservatively to keep the account inside the ceiling at maturity.

Step 3 — choose the repayment structure, price & monitor. Pick bullet (interest and principal at maturity) or regular EMI / interest-servicing to match the borrower; price against the bank’s external benchmark lending rate (EBLR); document the pledge; and store the ornaments securely. Monitor LTV through the tenor — a fall in gold prices or accruing interest can breach the ceiling and call for a top-up of collateral or part-payment.

Step 4 — on default: classify, then auction transparently. An overdue gold loan slips to NPA under the IRAC norms like any secured loan. Recovery is by sale of the pledged gold through a transparent auction — adequate prior notice to the borrower, a reserve price tied to the valuation, an arm’s-length process, and refund of any surplus after dues. Auction transparency and Fair-Practices disclosures are mandatory, so build the notice and reserve-price steps into the recovery playbook.

Step 1 — understand the instrument & the parties. TReDS is an RBI-authorised electronic platform on which a registered MSME seller’s receivables from corporate / government buyers are financed. The bank participates as a financier alongside an onboarded seller and buyer; an accepted invoice / bill becomes a financeable unit on the exchange. This is a form of factoring / bill discounting run on a transparent, multi-financier marketplace.

Step 2 — wait for buyer acceptance, then bid to discount. Financing happens only once the buyer accepts the unit on the platform — acceptance shifts the payment obligation to the buyer. Financiers then bid a discount rate; the winning bid funds the seller upfront, net of the discount, and the receivable is assigned to the financier. Most TReDS financing is without recourse to the seller, so the credit risk you are underwriting is the buyer’s.

Step 3 — price, classify the exposure & register the assignment. Price the discount against the bank’s external benchmark lending rate (EBLR) and the buyer’s credit standing. Post-acceptance the exposure sits on the buyer (drawee), so set buyer-wise limits and feed it into the buyer’s overall exposure. Eligible MSME factoring can count toward priority-sector targets, and the assignment is registered with the Central Registry as the factoring framework requires.

Step 4 — settlement on the due date; on buyer default, classify. On maturity the platform settles by debit to the buyer. If the buyer fails to pay, the financed receivable can slip to NPA under the IRAC norms and recovery is pursued against the buyer — in a without-recourse structure there is no fallback to the seller. Build the buyer-acceptance check, the recourse status and the due-date settlement into the credit note so the risk is priced on the right counterparty.

Step 1 — establish eligibility & size the limit on the scale of finance. Confirm the applicant is an eligible cultivator (owner, tenant, sharecropper, oral lessee, or a member of a Self-Help / Joint-Liability Group). Size the short-term limit from the district-level scale of finance for each crop × the area cultivated, adding components for post-harvest / household consumption, farm-asset maintenance and a built-in margin. KCC is a flexible, multi-year revolving limit — not a one-shot disbursal.

Step 2 — run it as a revolving limit & take security. Operate the facility like a revolving line drawn within the sanctioned limit, valid for several years with an annual review and a built-in step-up. Primary security is the hypothecation of crops / assets created; collateral is waived up to the regulator-prescribed collateral-free ceiling — confirm the current threshold on the official source rather than assuming it.

Step 3 — price against EBLR, then apply the interest-subvention. Price the facility against the bank’s external benchmark lending rate (EBLR), then apply the government’s interest-subvention and prompt-repayment incentive on the eligible short-term crop loan so the effective rate to the farmer is concessional. Claim the subvention correctly and pass the benefit through; the exposure counts toward the priority-sector agriculture target.

Step 4 — tie repayment to the crop season & classify accordingly. Align repayment to the harvesting and marketing of each crop. A KCC crop loan turns NPA under the special crop-season-based IRAC norms — tied to crop seasons rather than the generic 90-day rule — so track the season-linked overdue date, and apply any moratorium / restructuring relief available where a natural calamity is notified.

Step 1 — check eligibility & size the loan on course cost plus margin. Confirm the applicant has secured admission to an eligible recognised course / institution and identify a co-borrower (usually a parent / guardian). Size the loan from the total cost of the course (fees plus reasonable living, books and equipment costs), applying the prescribed borrower’s margin on the higher slabs. Disburse in stages aligned to each semester / year rather than as a single lump sum.

Step 2 — fix security on the loan-size band & use the guarantee cover. Up to the regulator-prescribed collateral-free ceiling the loan is sanctioned without third-party guarantee or tangible collateral (co-obligation of the parent apart); above that band the banker takes collateral as prescribed. For eligible loans use the credit-guarantee cover (the education-loan guarantee fund) in place of collateral — confirm the current collateral-free threshold and guarantee terms on the official source rather than assuming them.

Step 3 — set the moratorium and apply any interest subvention. Build in a moratorium running for the course period plus a grace period before repayment starts. Price the loan against the bank’s external benchmark lending rate (EBLR), then apply the central interest-subvention on the eligible slab for economically weaker / eligible categories so the effective cost to the student is reduced; claim and pass through the subvention correctly.

Step 4 — start repayment after the moratorium & classify accordingly. Repayment in equated instalments begins after the moratorium ends. The account is monitored from the repayment-commencement date; if instalments / interest are not serviced it turns irregular and — beyond the prescribed period — slips to NPA under the IRAC norms. The exposure counts toward the priority-sector (education) target.

Step 1 — check eligibility & size the loan on income / repayment capacity. Verify the borrower’s identity and KYC, income and the property title. Size the loan from repayment capacity — the EMI as a share of net monthly income (fixed-obligations-to-income / FOIR) over the chosen tenure — not just the property value, so the instalment stays affordable across the loan life.

Step 2 — fix the loan amount within the LTV ceiling. The loan is capped by the regulator-prescribed loan-to-value (LTV) ceiling, which steps down as the loan size rises; the borrower funds the balance as own contribution (margin). Stamp duty / registration charges are generally kept outside the property value for the LTV test — confirm the current LTV bands and the cost-inclusion rule on the official source rather than assuming them.

Step 3 — perfect the security & price against EBLR. Take the property as security, usually by an equitable mortgage (deposit of title deeds) and register the charge on CERSAI to protect priority; see mortgage. Price a floating-rate housing loan against the bank’s external benchmark lending rate (EBLR), with the spread / risk premium by risk-weight band — confirm the applicable risk weight on the official source.

Step 4 — disburse, then monitor & classify. Disburse in line with construction stages for an under-construction property, or in one tranche for a ready unit. Track EMI servicing from the repayment-commencement date; if instalments / interest are not serviced the account turns irregular and — beyond the prescribed period — slips to NPA under the IRAC norms. Eligible housing exposure counts toward the priority-sector (housing) target.

Step 1 — classify the guarantee & assess the underlying obligation. Verify the customer’s identity and KYC, then identify the BG type — a financial guarantee (assuring a payment / financial obligation) or a performance guarantee (assuring completion of a contract / supply). Read the beneficiary’s draft wording and the underlying contract so the bank’s liability is finite, certain and tied to a defined trigger, expiry and claim period — an open-ended or ambiguous guarantee is a red flag.

Step 2 — sanction a BG limit, fix margin & counter-indemnity. Sanction the guarantee within a non-fund-based limit appraised on the customer’s standing and the obligation’s risk. Take cash margin (often as a deposit / lien) plus collateral commensurate with the risk, and obtain the customer’s counter-indemnity so the bank can recover on invocation — confirm the applicable margin and security norms on the official source rather than assuming them.

Step 3 — price the commission & carry the capital / exposure charge. Price the BG by a guarantee commission (a fee for the tenor and risk, not an interest rate), since no funds are lent. Even though it is off the funded book, the contingent liability is converted by the prescribed credit-conversion factor and carries a capital charge toward the bank’s capital adequacy, and it counts in the customer’s overall exposure — confirm the current conversion / capital treatment on the official source.

Step 4 — on invocation: honour, debit, then recover. A valid BG is an independent undertaking — on a conforming claim within validity the bank must pay the beneficiary on demand, irrespective of disputes in the underlying contract (absent fraud / a court injunction). The bank then debits the customer / margin under the counter-indemnity; an unpaid devolved guarantee becomes a funded irregularity that can slip to NPA under the IRAC norms. Release the bank’s liability on expiry / return of the original BG and reverse the limit.

Step 1 — test the trigger events against the definition. Wilful default is not mere non-payment: it arises in defined situations — a borrower who has the means but does not honour the obligation; one who has not used the finance for the purpose it was taken and has diverted it; one who has siphoned funds out of the entity; or one who has disposed of charged / secured assets without the lender’s knowledge. Establish the evidence for the specific limb relied on, once the account is examined above the prescribed threshold — confirm the current threshold on the official source rather than assuming it.

Step 2 — follow the identification due process (committee → show-cause → representation). The framework mandates a structured mechanism: an identification committee examines the account and issues a show-cause notice; the borrower (and, where relevant, the guarantor / promoter / director) is given a genuine opportunity to make a written representation and be heard; a separate review committee then takes the final, reasoned decision. Natural justice is the heart of this — a classification made without a hearing is liable to be set aside.

Step 3 — record the speaking order & report the status. Once the review committee classifies the borrower, pass a reasoned (speaking) order and keep the committee minutes on file. Report the wilful-defaulter status to the credit information companies and to the RBI’s CRILC so the information is visible across the banking system — reporting is what gives the classification its system-wide effect.

Step 4 — apply the consequences & the exit path. Consequences follow classification: no additional credit facilities from the banking system, a bar on the borrower (and its promoters / directors) floating new ventures for the prescribed period, and recall / legal recovery as warranted — pursued alongside, not instead of, the normal IRAC provisioning on the underlying NPA. A defined removal / exit path exists once dues are settled and the prescribed period elapses — confirm the current consequences and removal timeline on the official source.

Step 1 — pick up the Early Warning Signals (EWS) and flag a Red-Flagged Account (RFA). The framework expects banks to run an Early-Warning-Signal system; when a defined signal triggers, the account is marked a Red-Flagged Account (RFA) pending examination. The RFA tag is a “suspicion” status, not yet a finding of fraud — confirm the current EWS indicators and the examination window on the official source rather than assuming them.

Step 2 — investigate (forensic / staff-accountability audit). Commission a forensic or investigative audit of the RFA to establish whether funds were diverted or siphoned, whether documents were falsified, and whether any staff or third party colluded. The audit findings — not the mere existence of a default — are the evidence on which a fraud decision must rest.

Step 3 — give the borrower a hearing, then classify by speaking order. Before an account is declared fraud, the borrower (and, where relevant, its promoters / directors) must be served the material relied on and given a genuine opportunity to be heard — the natural-justice requirement affirmed by the Supreme Court. The competent authority then classifies, or declines to classify, the account as fraud by a reasoned (speaking) order within the prescribed timeline — confirm the current timeline on the official source.

Step 4 — report, provide and pursue recovery. On classification, report the fraud to the RBI through the prescribed returns and to the Central Fraud Registry / CRILC so it is visible system-wide, file a complaint with the appropriate law-enforcement agency (police / CBI / SFIO as applicable), and make provision against the amount as required — alongside, not instead of, the normal IRAC treatment of the underlying NPA. Where the borrower also has the means but won’t pay or has diverted funds, the wilful-defaulter track may run in parallel.

Step 1 — identify & verify (CDD) and find the beneficial owner. Collect and verify the customer’s identity and address from an Officially Valid Document (OVD), and capture the photograph and PAN / equivalent as required. For a non-individual (company, LLP, partnership, trust) go behind the entity to the beneficial owner — the natural person(s) who ultimately own or control it above the prescribed control / ownership threshold — and verify them too. Confirm the current OVD list and the beneficial-owner threshold on the official source rather than assuming them.

Step 2 — risk-categorise the customer (low / medium / high). Assign a money-laundering risk category from the customer’s profile, business, location and the nature of the relationship. A Politically Exposed Person (PEP), a non-face-to-face onboarding, or a complex ownership structure pulls the relationship toward higher risk; a simple salaried resident is typically lower risk. The category drives how much due diligence and how frequent the periodic review will be — Enhanced Due Diligence for high-risk, simplified measures for low-risk.

Step 3 — screen against sanctions / PEP lists before activating. Screen the customer and the beneficial owners against the prescribed sanctions lists and PEP databases before the account goes live; a positive match is a stop-and-escalate, not a proceed. Where the customer is a PEP, apply the additional senior-management approval and source-of-funds checks the framework requires. Keep the screening evidence on file.

Step 4 — set up periodic updation & ongoing monitoring (and the STR path). Record the risk category and schedule periodic KYC updation at the prescribed frequency for that category. Switch on transaction monitoring against the expected profile; an unusual or suspicious pattern is examined and, where warranted, a Suspicious Transaction Report (STR) is filed with FIU-IND — alongside the prescribed cash (CTR) and other reports. Confirm the current updation periodicity and reporting thresholds on the official source.

Step 1 — internal grievance redressal first (acknowledge, log, resolve in the turnaround). The complaint enters the bank’s Customer Grievance Redressal Mechanism: it is acknowledged, given a tracking reference and logged, then resolved within the prescribed turnaround time through a published escalation matrix that runs up to the Nodal / Principal Nodal Officer. A clear, reasoned reply — full redress, partial redress with reasons, or rejection with reasons — closes the internal stage. Confirm the current turnaround and any auto-compensation (e.g. for delayed credit / failed transactions) on the official source.

Step 2 — the Internal Ombudsman (IO) reviews rejections before the final word. Where the bank proposes to reject or only partly redress a complaint, it must, before sending the final reply, escalate it internally to its Internal Ombudsman — an independent apex authority within the bank. The IO’s review is an internal check that the rejection is fair and consistent; it is built into the reply, not a step the customer has to chase.

Step 3 — escalation to the RBI Ombudsman under RB-IOS (via the CMS portal). If the bank does not resolve the complaint within the prescribed period, or the customer is dissatisfied with the reply, the customer may approach the RBI Ombudsman free of cost through the Complaint Management System (CMS) portal / centralised receipt centre. The Ombudsman facilitates settlement and, failing that, can pass an Award directing redress; certain matters and monetary ceilings define what the Ombudsman can decide and what compensation it can award — confirm those on the official source.

Step 4 — comply with the outcome and fix the root cause. The bank implements the agreed settlement or the Ombudsman’s Award within the stipulated time and reports compliance. Beyond the single case, the deficiency is fed back into root-cause analysis — recurring complaint themes are tracked, reported to the Board / Customer Service Committee and used to fix the underlying process, which is exactly what the supervisory review of grievance data looks for.

Step 1 — confirm eligibility & that the purpose is permitted. LRS is for resident individuals (including minors, with the natural guardian signing) — not corporates, partnerships or HUFs. Establish residential status and run KYC, then classify the purpose: most current-account purposes (education, travel, medical, maintenance of relatives, gifts) and capital-account purposes (overseas investment, property, deposits) are permitted, while a defined set (margin trading, lottery, purchase of FCCBs, remittances to non-cooperative / FATF-flagged jurisdictions, etc.) is prohibited. A prohibited purpose stops the transaction at the counter.

Step 2 — aggregate against the annual ceiling. LRS has a per-individual cap per financial year across all authorised dealers, so the limit is the customer’s, not the branch’s. Obtain the mandatory declaration of remittances already made in the year (through any bank), aggregate them, and ensure the new remittance fits within the remaining headroom. Remittances by the individual’s family members can be clubbed for some purposes — confirm the current ceiling and clubbing rules on the official source rather than assuming them.

Step 3 — take Form A2 & the declaration, deduct TCS, then remit. The customer signs Form A2 (the FEMA application-cum-declaration for the foreign-exchange purchase) plus the LRS declaration. Apply any Tax Collected at Source (TCS) due on the remittance at the prescribed rate for the purpose and threshold (education / medical financed by loan are treated more concessionally) — confirm the current TCS rates and thresholds on the official source. The bank then buys the foreign exchange and remits, recording the purpose code.

Step 4 — report, retain & monitor. Report the remittance in the prescribed FEMA returns (the transaction flows into the RBI’s reporting system through the AD), retain Form A2, the declaration and KYC for the prescribed period, and monitor for structuring — splitting one large remittance into many to dodge the ceiling or a reporting threshold is a red flag for an AML Suspicious Transaction Report. Genuine over-limit needs are not done under LRS at all — they require the specific FEMA approval route, not a workaround.

Step 1 — engage the LSP / DLA with the lender owning accountability. The regulated entity does due diligence on the LSP, puts a written outsourcing arrangement in place, and publicly names the DLAs / LSPs engaged on its behalf. Outsourcing the front end does not outsource the obligation — the lender remains responsible for compliance, customer conduct and data handling end-to-end.

Step 2 — disclose a Key Fact Statement (KFS) with the all-in APR before the borrower commits. Up front, in a standardised KFS, the borrower must see the all-inclusive Annual Percentage Rate (APR) — interest plus all fees and charges — the recovery mechanism, the cooling-off terms and the grievance contact. There are to be no hidden charges: any cost not in the KFS cannot be levied. Confirm the exact KFS fields and any charge caps on the official source.

Step 3 — honour the cooling-off / look-up period and disburse straight to the borrower. The borrower gets a cooling-off (look-up) window to exit by repaying principal plus the proportionate APR without penalty. All loan disbursals and repayments flow directly between the borrower’s and the regulated entity’s bank accounts — never through an LSP’s or any third-party pass-through / pool account — and fees owed to the LSP are paid by the lender, not collected from the borrower.

Step 4 — data consent, localisation & grievance / recovery conduct. Collect only need-based data with explicit, auditable borrower consent and an option to deny/revoke; store data on servers in India per the localisation requirement; and route any default-loss-guarantee (DLG) arrangement within the prescribed cap. Provide a nodal grievance officer and let unresolved complaints escalate to the RBI Ombudsman; recovery must follow the fair-practices conduct rules. Confirm the current DLG cap and data rules on the official source.

Step 1 — issue only on an explicit request, never unsolicited. A card (or an add-on card, or a credit-limit enhancement) is issued only with the customer’s clear, documented consent — no unsolicited cards and no unilateral limit increases. The customer is screened on an independent credit assessment, and a co-branding partner stays a pass-through that cannot access the cardholder’s transaction data beyond what is permitted. Confirm the consent and co-branding conditions on the official source.

Step 2 — disclose the Most Important Terms & Conditions (MITC) up front. Before the customer commits, give a standalone MITC document in clear language — the finance/interest rate and how it is computed, the fees and charges, the billing cycle, the minimum-amount-due mechanics and the grievance contact. There are to be no hidden charges: a cost not disclosed in the MITC cannot later be levied, and any change must be notified with prior notice.

Step 3 — activate only with consent, and honour the no-use closure rule. If the card is not activated within the prescribed window after issuance (commonly cited as 30 days), the issuer must seek One-Time-Password-based explicit consent before activating it; if the customer does not consent, the card account is closed without any cost to the customer within the prescribed time (commonly cited as 7 working days). Confirm the exact activation window and closure timeline on the official source.

Step 4 — fair billing, interest and grievance conduct. Bills go out with enough time to pay before the due date; unpaid charges, levies or taxes are not capitalised for charging or compounding interest; closure requests are completed within the prescribed working days (a per-day penalty to the customer is cited for delay — confirm the amount on the source); and credit-information reporting needs customer consent. Unresolved complaints escalate to the RBI Ombudsman.

Step 1 — allot transparently on a model agreement. The branch maintains a branch-wise list of vacant lockers and a wait-list (with acknowledged numbers) so allotment is transparent, and executes the standardised model locker agreement — a copy goes to the customer. The locker is not tied to the customer buying unrelated products; the only permitted security is a term deposit covering rent and charges (below), not bundling.

Step 2 — rent and the permitted term-deposit security, no over-asking. At allotment the bank may take a fixed deposit that covers the locker rent for a prescribed period plus the charges of breaking open in an eventuality — but it may not insist on such a term deposit from existing locker holders or demand an unreasonable amount. Confirm the permitted cover period on the official source.

Step 3 — duty of care and the bank’s defined liability. The bank owes a duty of care for the security of the strong-room (proper safeguards, access control, and the steps a prudent custodian takes). Where loss is due to the bank’s own shortcoming — fire, theft, burglary, building collapse, or fraud by bank staff — the bank’s liability is defined as a multiple of the annual locker rent (commonly cited as up to 100 times the annual rent — confirm on the source). It is not liable for losses from natural calamities or the customer’s own fault where it has shown due care, and the contents are otherwise the customer’s own risk.

Step 4 — access alerts, nomination and due-process before breaking open. The customer gets an email/SMS alert on the day the locker is accessed (a fraud check), nomination/survivorship is honoured so a nominee or survivor can access contents on the hirer’s death, and a locker is broken open only with due notice and process for unpaid rent or long non-operation. Unresolved complaints escalate to the RBI Ombudsman.

Step 1 — identify the route: nomination, survivorship, or neither. If the account carries a valid nomination, the nominee is the bank’s receiver and the balance is released to them. If it is a joint account with a survivorship mandate (“either or survivor”, “former or survivor”), the balance passes to the surviving holder per the mandate. Only where there is neither a nominee nor a survivorship clause does the claim fall to the legal heirs.

Step 2 — do not over-ask for documents. Where a nominee or survivor exists, the bank should settle on proof of death and identification of the claimant — it should not insist on succession certificates, probate or letters of administration, and a nominee receives the funds as a trustee for the legal heirs, not as the owner. Demanding heavy legal documents where they are not required is exactly the conduct the guidance is meant to prevent.

Step 3 — for accounts without nomination or survivorship, follow the threshold-based simplified process. Banks fix a board-approved threshold below which claims are settled on a simple set of papers — typically an indemnity and, where needed, sureties — rather than full legal representation; above the threshold the bank’s board-approved policy specifies what is required. Confirm the bank’s own threshold and document list on its policy and the official source.

Step 4 — settle within the service window and deal with the loose ends. The settlement is to be completed within the time the bank commits in its customer-service policy (delay attracts the bank’s own compensation policy), pending interest on term deposits is paid, standing instructions and auto-debits are stopped, any locker or articles in safe custody are dealt with under the locker rules, and an unresolved grievance escalates to the bank’s Internal Ombudsman and then the RBI Ombudsman.

Step 1 — classify correctly: only a customer-induced transaction resets the clock. An account turns inoperative after the regulatory dormancy period with no customer-induced debit or credit; bank-induced entries (interest credit, charges) do not count as activity. Confirm the exact dormancy threshold on the official source. Mis-classifying an active account as dormant is itself the failing the rule is meant to prevent.

Step 2 — do not penalise the dormant customer. The bank must keep crediting interest on a savings balance even while inoperative, must not levy charges for non-maintenance of minimum balance on inoperative accounts, and must not freeze the customer out — the dormant flag is a fraud-control measure, not a penalty. Beneficial credits (e.g. a pension or a direct-benefit transfer) should continue to be allowed in.

Step 3 — trace, intimate, and reactivate with fresh KYC and no charge. Run the annual review, contact the customer, nominee or legal heir, and make reactivation simple: updated KYC with no activation charge, through any branch and digital channels, completed within the committed service window. Surface dormant balances proactively rather than waiting for the customer to discover the problem.

Step 4 — unclaimed deposits move to the DEA Fund, but the right to claim survives. A deposit unclaimed for the long statutory period is transferred to RBI’s Depositor Education & Awareness (DEA) Fund — yet the depositor (or heir) can still reclaim it from the bank at any time with interest, and the bank then recovers from the Fund. Point claimants to RBI’s UDGAM unclaimed-deposit search portal, and confirm the unclaimed timeline and process on the official source.

Step 1 — establish the “wilful” element, not mere default. A wilful default needs more than non-payment: capacity to pay yet deliberate default, or diversion of funds away from the financed purpose, or siphoning so the money is not available as assets, or disposal of secured collateral without consent. Genuine business failure is not wilful default. The account must also be above the regulatory outstanding threshold — confirm the current figure on the official source.

Step 2 — the Identification Committee frames a case and issues a show-cause notice. A first-stage Identification Committee examines the evidence and, where a prima-facie case exists, issues a show-cause notice to the borrower, promoter, whole-time directors and guarantors, giving a reasonable opportunity to make a written representation. Natural justice is the spine of the process — no one is tagged unheard.

Step 3 — the Review Committee decides by a reasoned, speaking order. A higher Review Committee (chaired by the MD/CEO, with independent directors) considers the representation and records a written, reasoned speaking order confirming or dropping the classification, within the regulatory timeline. The order must engage with the borrower’s defence, not merely assert the conclusion.

Step 4 — report, apply consequences, and allow remediation. A confirmed wilful default is reported to the Credit Information Companies; consequences follow — no additional credit facilities from lenders, a bar on floating new ventures for the prescribed period, and possible criminal/recovery action. The label is not permanent: on remediation and removal of the cause it can be lifted, and a one-time-settlement / compromise route is not foreclosed where the framework permits.

Step 1 — watch the early-warning SMA buckets. Before an account turns NPA it is flagged as a Special Mention Account: SMA-0 when principal/interest is overdue but for fewer than 31 days, SMA-1 at 31–60 days overdue, SMA-2 at 61–90 days overdue. These buckets drive day-end reporting (large accounts to CRILC) and early resolution — the point is to act before the 90-day line, not after.

Step 2 — apply the 90-day NPA test, system-driven and day-end. A term loan becomes an NPA when interest and/or principal stay overdue for more than 90 days; for cash credit / overdraft the account is NPA if it stays “out of order” (continuously over the limit/drawing power, or no credits to cover interest) for the threshold period. Classification must be objective and system-driven (flagged at day-end), not at the manager’s discretion — and it is borrower-wise: if one facility is NPA, all facilities of that borrower are treated as NPA.

Step 3 — sub-classify and provide. An NPA is graded sub-standard, then doubtful, then loss as it ages, and provisioning rises with that grade and with whether the exposure is secured or unsecured. Once an account is NPA, interest can no longer be booked to income on an accrual basis (income recognition stops) — it is taken to income only on actual realisation. The exact provisioning percentages and ageing periods are set by RBI; confirm the current figures on the official source rather than relying on a remembered number.

Step 4 — upgrade only on full clearance. An NPA can be upgraded back to “standard” only when the entire arrears of interest and principal are paid — partial payment does not upgrade it. A restructured account follows its own asset-classification treatment under the resolution / Prudential Framework path, and a genuinely unrecoverable account moves toward compromise settlement or sale to an ARC.

Step 1 — confirm it is a permitted DLG, on a written contract. A DLG is an explicit contractual arrangement under which the RE is compensated, up to an agreed cap, for losses on a defined loan portfolio by an eligible provider (typically the Lending Service Provider / sourcing partner, itself a regulated or eligible entity). It must rest on a legally enforceable, board-approved contract — not an informal side-letter — and the RE’s own due diligence on the DLG provider’s ability to honour it is mandatory.

Step 2 — cap and form of the cover. The DLG cover on a portfolio is capped as a percentage of the outstanding amount, and may be held only in permitted forms — a cash deposit, a lien-marked fixed deposit, or a bank guarantee in the RE’s favour. The exact ceiling percentage and the eligible forms are set by RBI; confirm the current figures on the official source rather than relying on a remembered number. DLG cannot be structured to mimic a synthetic securitisation or to move the portfolio off the RE’s books.

Step 3 — asset classification and provisioning stay with the RE. Crucially, the existence of DLG does not change how the RE recognises a bad loan: each loan is classified and provided for on the RE’s own books under the IRAC norms (the 90-day NPA test, sub-standard→doubtful→loss ageing) irrespective of the guarantee. DLG is invoked within the timeline RBI prescribes (confirm on the official source), and recovery efforts on the underlying loans continue; the credit-underwriting responsibility remains with the RE throughout.

Step 4 — disclosure, tenor and governance. The RE adopts a board-approved DLG policy, discloses the total amount of DLG portfolios it carries, and makes clear to the borrower that DLG is a lender-side arrangement — not a guarantee given to the customer. The DLG contract’s tenor cannot be shorter than the longest loan it covers, and the arrangement is subject to the same Digital Lending conduct, KFS/APR-disclosure and grievance rules.

Step 1 — establish non-resident status and re-designate existing accounts. Confirm the customer is an NRI/PIO under FEMA (driven by residential status, not citizenship) with the prescribed proof. On change of status the bank must re-designate the former resident account — a resident savings account is converted to an NRO account (or closed), not left running as-is. Fresh KYC for non-residents is captured and the account opened only after due diligence.

Step 2 — pick the account by source of funds and repatriability. An NRE (Non-Resident External, rupee) account holds foreign earnings converted to rupees and is freely repatriable (principal and interest can go back abroad); an NRO (Non-Resident Ordinary, rupee) account holds India-source income such as rent, dividends or a local pension and is repatriable only up to the prescribed annual ceiling, subject to tax and documentation; an FCNR(B) (Foreign Currency Non-Resident, Bank) account is a term deposit held in permitted foreign currency, so the depositor carries no rupee exchange-rate risk and it too is freely repatriable. Confirm the current NRO repatriation ceiling and the permitted FCNR currencies/tenors on the official source.

Step 3 — apply the tax and interest treatment that goes with each. Interest on NRE and FCNR(B) deposits is, on the present rules, exempt from Indian income tax while the holder is a non-resident; interest on an NRO account is taxable and subject to TDS. Deposit pricing follows RBI’s interest-rate framework for non-resident accounts (NRE/NRO rupee rates are aligned to comparable domestic deposits; FCNR(B) rates sit within RBI’s ceiling) — confirm the current rate-cap basis on the official source rather than quoting a remembered number.

Step 4 — permitted transactions, joint holding and reporting. Operate the account within the permitted credits/debits for its type, allow joint holding only on the permitted basis (e.g. with another non-resident, or with a resident relative on the ‘former or survivor’ basis as permitted), and capture remittances and returns under the bank’s FEMA reporting. On the customer’s return to India the accounts are re-designated back to resident status (or moved to RFC where eligible). Throughout, the official FEMA / RBI rules govern eligibility, repatriation and reporting.

Step 1 — put a board-approved master agreement in place. Co-lending runs on a written, board-approved agreement between the bank and the NBFC that fixes the customer segment, the joint underwriting standards, the sharing of risk and income, the operational mechanics and the grievance/escalation path. The bank’s own credit policy and risk appetite govern its share — it cannot outsource the credit decision to the partner.

Step 2 — keep the NBFC’s ‘skin in the game’ and the prescribed sharing. Under the CLM the NBFC retains a minimum share of each individual loan on its own books (it does not originate-and-fully-offload), and the bank takes the balance, with interest income and any loss shared in the agreed proportion. Treat the exact minimum-retention percentage and the income/risk-sharing split as set by the RBI guideline and confirm the current figures on the official source rather than quoting a remembered number — the principle is shared exposure, not a pass-through.

Step 3 — one borrower, one blended rate, single-point interface. The borrower deals with a single interface and gets a single blended interest rate that fairly reflects each lender’s cost of funds and the agreed spread; the all-in rate, fees and the identity of both lenders are disclosed up front under fair-practices and KYC norms. Each lender does its own KYC/AML on the common borrower — reliance on the partner’s KYC is only on the permitted basis. An escrow/joint mechanism handles collection and the proportionate flow of repayments.

Step 4 — asset classification, provisioning and priority-sector credit stay aligned. Each lender classifies and provisions its own portion under the RBI IRAC rules (see the NPA / IRAC scenario), and priority-sector classification accrues to the bank only for the portion that meets PSL conditions on its books. Data, reporting to credit information companies and the grievance machinery operate jointly so the borrower is never caught between the two lenders. Throughout, the official RBI Co-Lending guideline governs eligibility, the sharing and the conduct.

Step 1 — confirm the account is NPA and the security is eligible. SARFAESI can be invoked only after the account is classified non-performing under the RBI IRAC rules, and only against eligible secured assets — certain assets and small-value or agricultural-land exposures fall outside the Act. Verify the charge is validly created and registered (e.g. with the Central Registry, CERSAI) and that the outstanding crosses the threshold the Act prescribes before any notice goes out.

Step 2 — issue the Section 13(2) demand notice and give the cure window. The secured creditor serves a written demand notice under Section 13(2) calling on the borrower to discharge the full liability within the statutory period; treat the exact notice/cure window as set by the Act and confirm the current period on the official source rather than quoting a remembered number. The notice must detail the amount and the secured assets intended to be enforced. The borrower may make representations/objections, and the creditor must consider them and communicate reasons if it does not accept them — a real, not token, step.

Step 3 — on default after the window, take Section 13(4) measures. If the borrower does not pay within the window, the authorised officer may take one or more Section 13(4) measures — take possession of the secured asset (symbolic or physical), take over management, appoint a manager, or require a person who owes money to the borrower to pay the creditor. Possession, valuation and sale follow the Security Interest (Enforcement) Rules, including fair valuation and proper sale notice so the borrower’s equity of redemption is respected until the sale is completed.

Step 4 — respect the borrower’s remedy and the priority waterfall. An aggrieved borrower can apply to the Debts Recovery Tribunal (DRT) under Section 17 against the enforcement measures, with a further appeal route; courts are largely ousted but the DRT remedy and natural justice are not. Sale proceeds are applied to costs and then the secured debt, with any surplus returned to the borrower, and inter-creditor priority (including any statutory dues ranking) is observed. Throughout, the bank documents each step, links the official statute/RBI guidance, and never asserts a figure it has not confirmed on the source.

Step 1 — know the three roles. The Financial Information Provider (FIP) holds the data (a bank, NBFC, mutual fund, insurer, pension or tax record); the Financial Information User (FIU) consumes it for a service such as lending; and the NBFC-AA is the consent manager that routes the data between them. A bank is typically both — an FIP for its own account-holders and an FIU when it underwrites. Crucially the AA is data-blind: it cannot read, store or use the financial information it carries; it only manages consent and transport.

Step 2 — onboard and integrate through a licensed AA. Register / contract as an FIU (and/or FIP) with one or more RBI-licensed Account Aggregators and integrate to the common consent and data-sharing architecture (the standard APIs), so requests, consents and encrypted data exchange flow through the AA rather than point-to-point. The AA must hold a valid RBI Certificate of Registration as an NBFC-AA — deal only with licensed entities.

Step 3 — obtain explicit, granular, revocable consent and minimise. Nothing is fetched without the customer’s electronic consent artefact, which specifies the purpose, the exact data types, the date range, the fetch frequency (one-time or recurring) and the consent duration. Take only what the stated purpose needs (data minimisation) — not a blanket pull — and surface the purpose plainly so consent is informed. The customer can revoke the consent at any time.

Step 4 — use within purpose, secure it, and honour revocation. Use the received data only for the consented purpose, never reuse it beyond that purpose, secure and retain it per the applicable RBI data and IT / cyber-security rules, and stop pulling once consent is revoked or expires. Keep an auditable record linking each data pull to its consent artefact. Treat AA data as one input to credit appraisal — it speeds and strengthens underwriting but does not replace the bank’s own credit decision or its KYC/AML obligations.

Step 1 — choose the benchmark regime. For most new floating-rate retail and MSME loans the rate is tied to an External Benchmark Lending Rate (EBLR) — an outside, publicly visible benchmark such as the RBI policy repo rate or another published market benchmark — so the bank cannot quietly set the reference itself. Other / legacy loans may sit on the bank’s internal Marginal Cost of Funds-based Lending Rate (MCLR). The bank applies one transparent benchmark per applicable loan category; which loans must be externally benchmarked is fixed by the RBI rulebook (confirm the current scope on the official source).

Step 2 — build the rate: benchmark + spread. The lending rate is benchmark + spread. The spread is itself made of components — the bank’s operating cost and margin, plus a borrower-specific credit-risk premium set from the borrower’s risk grade. The bank discloses the spread, and the credit-risk premium may change only on a clearly defined event (for example a material change in the borrower’s credit assessment), not arbitrarily.

Step 3 — set the reset cadence. An externally-benchmarked rate must be reset at the agreed frequency as the benchmark moves (the minimum reset frequency is prescribed by the RBI — told to confirm on the official source). At each reset the benchmark change is passed through; the borrower typically chooses to hold the EMI and adjust the tenor, or hold the tenor and adjust the EMI — the bank discloses this choice up front.

Step 4 — transparency & switch rights. Put the benchmark, the spread, the reset frequency and the reset mechanics in the sanction letter and the Key Facts Statement; communicate each reset to the borrower; and honour the borrower’s right to switch from an MCLR / base-rate loan to the external-benchmark regime on the applicable RBI terms. The same pricing transparency feeds the bank’s fair-practices and grievance-redress obligations, and the underlying asset quality still follows the IRAC norms independently of how the rate is priced.

Step 1 — ongoing monitoring throws an alert. The bank runs continuous transaction monitoring against the customer’s expected profile and risk category. A deviation — an unusually large or complex transaction with no apparent lawful purpose, a pattern inconsistent with the declared activity, or apparent structuring — raises an internal alert. Monitoring rules and any value thresholds are set by the rulebook (told to confirm on the official source); suspicion, not just a threshold, is what matters for an STR.

Step 2 — internal review & risk assessment. The alert is reviewed by the line and the AML team: revisit the customer due-diligence record, seek a plausible explanation / supporting documents where appropriate, and assess whether the activity is genuinely suspicious or has a legitimate basis. Enhanced due diligence applies to higher-risk customers. The reasoning is documented either way — a closed alert needs a recorded rationale just as a filed one does.

Step 3 — escalate to the Principal Officer. If suspicion stands, the case goes to the bank’s designated Principal Officer, the single accountable point for AML reporting. The Principal Officer decides whether to file and ensures the report captures the who, what and why. An STR is judged on reasonable grounds of suspicion — the bank does not need to prove an offence, and a transaction need not have completed to be reportable (attempted transactions can qualify).

Step 4 — file with FIU-IND, then keep operating quietly. The Principal Officer files the STR with the Financial Intelligence Unit–India (FIU-IND) within the prescribed time (the exact filing window is set by the rulebook — told to confirm on the official source). Critically, the bank must not tip off the customer that an STR has been or may be filed; tipping-off is itself prohibited. The account is handled per internal policy and any legal direction, records are retained for the prescribed retention period, and the same controls feed the bank’s wider fraud and customer-service governance.

Step 1 — the customer reports, through a channel that is always open. The bank must give customers a 24x7 way to report an unauthorised transaction (and to register a mobile number / email for transaction alerts up front). The clock that decides the customer’s liability starts from when the customer receives the alert, so prompt reporting is decisive. The bank acknowledges the complaint and logs the report date/time.

Step 2 — bank fault or third-party breach → zero liability. If the loss is due to the bank’s own negligence or a fault in the system, the customer bears nothing — regardless of whether the customer reported. The same zero-liability outcome applies to a third-party breach (neither the bank nor the customer at fault) if the customer reports within the prescribed early window (the exact number of days is set by the rulebook — told to confirm on the official source).

Step 3 — customer negligence, or a delay, → limited or higher liability. If the customer was negligent (for example sharing the PIN/OTP/credentials), the customer bears the loss until they report; after reporting, further loss shifts to the bank. Where neither party is at fault but the customer reports after the early window, a limited, capped liability can apply, graded by account/instrument type and growing with longer delay. The exact day-bands and any liability caps are set by the rulebook — told to confirm on the official source.

Step 4 — shadow reversal, then resolution within the prescribed time. Once a no-fault / bank-fault report is in, the bank credits (“shadow reverses”) the disputed amount to the customer’s account within the prescribed period so the customer is not out of pocket while the case is examined, and resolves the complaint within the outer time limit. The bank carries the burden of proving customer liability. If the customer is dissatisfied, the matter can be escalated to the bank’s internal grievance route and then the RBI Ombudsman; suspected fraud also feeds the bank’s fraud-reporting and AML controls.

Step 1 — recognise the default and start the clock. Lenders must run early-warning SMA classification and recognise a default promptly. From a defined reference date the lenders enter a review period during which they decide how to handle the exposure. The exact length of the review period is set by the Framework — confirm the current number of days on the official source rather than quoting a remembered figure.

Step 2 — sign an Inter-Creditor Agreement and design a resolution plan. Within the review period the lenders to the borrower enter an Inter-Creditor Agreement (ICA) that binds them to a common approach and sets how decisions are taken. They then frame a Resolution Plan (RP) — which may be a restructuring (revised terms, additional finance), a change in ownership/management, or a recovery route. Decisions bind all signatories once approved by the required majority by value and number; the exact approval thresholds are set by the Framework — told to confirm on the official source.

Step 3 — validate and implement the plan within the timeline. For larger aggregate exposures the RP must clear an independent credit evaluation (and, where required, be checked against rating-agency opinions) before it is implemented, and implementation has defined conditions (for example all documentation executed, the account standard and dues serviced for a specified period). If the RP is not implemented within the prescribed window the Framework bites — the lenders must make additional provisioning that escalates with delay (the percentages and day-bands are set by the Framework — told to confirm on the official source), which is the regulatory nudge to resolve rather than evergreen.

Step 4 — escalate to IBC or recovery if resolution fails; protect dissenters. If a viable RP cannot be agreed or implemented in time, lenders pursue recovery — a reference to the Insolvency and Bankruptcy Code (IBC) before the NCLT, or enforcement via SARFAESI / sale to an ARC. The ICA protects dissenting lenders (a minimum exit value at least equal to liquidation value of their security), and any restructuring still follows IRAC asset-classification and provisioning independently. Throughout, the bank documents each step, links the official RBI source, and never asserts a day-count or percentage it has not confirmed.

Step 1 — compute the reserve base (NDTL). Both reserves are a percentage of the bank’s Net Demand and Time Liabilities (NDTL) — broadly its deposit and other liabilities, net of inter-bank items, measured as on a reporting reference date. Get the base right first: an understated NDTL understates the required reserves and is itself a reporting breach. The exact composition and netting rules are set by the RBI — confirm them on the official source rather than from memory.

Step 2 — hold CRR with the RBI over the maintenance period. Keep the required CRR as a cash balance in the bank’s current account with the RBI. CRR is maintained on average over a maintenance fortnight, subject to a prescribed minimum daily balance on every day of the fortnight — so the treasury cannot run the balance to zero early and top up at the end. The CRR ratio, the fortnight mechanics and the daily-minimum percentage are set by the RBI — told to confirm on the official source; note that the cash kept as CRR generally earns no interest.

Step 3 — hold SLR in eligible assets and respect the encumbrance rule. Maintain the required SLR in prescribed liquid assets — cash, gold and approved securities, predominantly central and state government securities (G-Secs and SDLs). SLR securities must be unencumbered except to the limited extent the RBI permits (for example securities lodged for an intraday/standing facility). Banks in practice hold excess SLR as a liquidity buffer; the SLR ratio and the list of eligible assets are set by the RBI — told to confirm on the official source.

Step 4 — report, and treat any shortfall as a penalised breach. Report CRR/SLR positions to the RBI on the prescribed returns. A shortfall in either reserve is not a soft target — it attracts penal consequences (penal interest above the policy rate on the deficiency, and on persistent default further supervisory action), so the treasury monitors the position intraday and uses RBI liquidity windows rather than letting a reserve fall short. The penalty mechanics and rates are set by the RBI — told to confirm on the official source. Document the base, the holdings and the returns, and link the official source for every figure.

Step 1 — confirm eligibility and the one-account rule. Any individual may open a BSBDA. A customer may hold only one BSBDA across the banking system, and generally cannot hold a BSBDA and another regular savings account at the same time — so the first check is whether the customer already has one. The precise eligibility and one-account conditions are set by the RBI — confirm them on the official source rather than from memory.

Step 2 — complete KYC, full or as a Small Account. Onboard on full KYC where the customer has the documents, or, where they do not, open a Small Account on relaxed / simplified KYC subject to the operational caps the RBI prescribes — limits on the balance held, on total credits in a year and on withdrawals, and a window within which full KYC must be completed for the account to continue. The exact Small-Account limits and timelines are set by the RBI — told to confirm on the official source.

Step 3 — provide the free basic-services bundle with no minimum balance. A BSBDA carries no minimum-balance requirement and no penalty for non-maintenance, and a free basic bundle — deposits, a RuPay debit card, receipt/credit of money through electronic and ATM channels, and a prescribed number of free withdrawals in a month. Value-added services beyond the free set may carry reasonable, non-discriminatory charges disclosed up front. The exact free-withdrawal count and the boundary between free and chargeable services are set by the RBI — told to confirm on the official source.

Step 4 — record the protections and the redressal path. Flag the account as counting toward financial inclusion; note that its deposits are insured by the DICGC up to the statutory limit per depositor per bank; and apply the Fair Practices / customer-protection and grievance-redressal norms, including the Ombudsman as the escalation route. Document the eligibility check, the KYC basis and the services bundle, and link the official source for every condition.

Step 1 — charge a penal “charge”, not penal “interest”. On a breach of a material term, the lender levies a flat penal charge for the non-compliance. It is not added to the rate of interest, and there is no capitalisation — no further interest is computed on the penal charge itself. The whole point of the framework is that default penalties are a deterrent for credit discipline, not a hidden way to raise the effective yield.

Step 2 — keep the charge reasonable, board-policy-driven and non-discriminatory. The quantum is commensurate with the default, set under a board-approved policy, and applied without discrimination within a loan/product category. For loans to individuals for purposes outside business, the penal charge is not to be higher than that applied to non-individual borrowers for a similar default. The exact quantum and any caps are set by the RBI and the lender’s board policy — told to confirm on the official source.

Step 3 — disclose it up front and on every reminder. The quantum and the reason for penal charges are disclosed clearly in the loan agreement and the Key Facts Statement / Most Important Terms & Conditions, and displayed on the lender’s website under interest rates and service charges. Whenever a reminder for non-compliance goes out, the applicable penal charge is communicated; and when a charge is actually levied, the reason is conveyed to the borrower.

Step 4 — respect the carve-outs and the redressal route. The framework covers the lender’s loan book broadly but does not override products with their own RBI directions — credit cards, external commercial borrowings, trade credits and certain structured obligations follow their own rules. A borrower who believes a penal charge is unfair uses the grievance-redressal path, with the RBI Ombudsman as the escalation backstop. The precise scope and exclusions are set by the RBI — told to confirm on the official source.

Step 1 — adopt a board-approved cyber-security policy, distinct from the IT policy. The bank’s board approves a dedicated cyber-security policy — separate from the general IT / IS policy — that sets the risk appetite, roles and the control baseline. The expected depth is graded to the bank’s size, systems and digital footprint, so a larger / more digital bank carries a heavier control set; the exact tiering is set by the RBI — told to confirm on the official source. Cyber risk is owned at board level, not delegated away to the IT team.

Step 2 — put in the baseline controls, a CISO and continuous surveillance. Implement the minimum baseline cyber-security controls — network and endpoint protection, access control and least privilege, secure configuration, patch and vulnerability management, and logging. Appoint a Chief Information Security Officer (CISO) responsible for the framework, and run continuous surveillance (a Security Operations Centre / SOC) so threats are watched in real time rather than discovered after the fact. Security is designed in, not bolted on.

Step 3 — detect, contain and report cyber incidents to the RBI within the window. Maintain a Cyber Crisis Management Plan (CCMP) to detect, respond to, contain and recover from incidents. When a cyber incident occurs, it must be reported to the RBI within the prescribed window — treat the exact timeline as set by the RBI and confirm it on the official source rather than quoting a remembered number. Prompt, honest reporting is the rule; concealing or delaying an incident is itself the failing the framework is built to prevent.

Step 4 — test, govern and extend to third parties and customers. Run periodic vulnerability assessment and penetration testing (VAPT), a gap assessment against the framework, and drills; report posture to the board / IT-strategy committee; extend the controls to outsourced / third-party providers (the bank stays accountable for a vendor’s lapse); and run customer-awareness so the human layer is covered too. The precise control list, testing cadence and reporting formats are set by the RBI — told to confirm on the official source.

Step 1 — adopt a board-approved outsourcing policy and never outsource core functions. The board (or a designated committee) approves an outsourcing policy setting the criteria, approval levels and roles. Crucially, certain core management functions cannot be outsourced — for example internal audit, compliance, the KYC norm-setting and decision-making, and sanction of loans — because outsourcing these would hand away the bank’s own judgement. The activity may move out; the decision-making and accountability stay in.

Step 2 — classify the arrangement and run due diligence. Decide whether it is material outsourcing (one whose failure would materially affect the bank’s operations, reputation, customers or ability to meet obligations) and apply heavier governance accordingly. Before signing, run due diligence on the service provider’s competence, financial soundness, reputation, security posture and conflicts, and assess concentration risk if many functions sit with one vendor. The depth of scrutiny scales with how critical the function is.

Step 3 — lock the controls into the contract: RBI access, confidentiality, BCP and exit. The outsourcing agreement must preserve the bank’s control: the RBI’s right (and the bank’s and its auditors’) to access and inspect/audit the service provider and its records; protection of customer data confidentiality and security, with controls on sub-contracting; a tested business-continuity plan so a vendor failure does not interrupt service; and a workable exit / contingency plan so the bank can bring the activity back in-house or move it without disruption.

Step 4 — keep ownership: monitor the vendor and own the customer relationship. The bank monitors the provider’s performance and controls on an ongoing basis, retains a grievance-redressal path the customer can use against the bank (a customer should not be worse off for the activity being outsourced), and reports / governs material arrangements at board level. Where a vendor lapse harms a customer, the liability sits with the bank — consistent with the grievance-redressal and customer-protection scenarios. The exact materiality thresholds, prohibited-function list and reporting formats are set by the RBI — told to confirm on the official source.

Step 1 — measure risk-weighted assets, then hold capital against them. Each exposure is multiplied by a risk weight reflecting its riskiness (a sovereign bond, a home loan and an unsecured corporate loan are not treated alike), and the totals across credit, market and operational risk give risk-weighted assets (RWA). CRAR is regulatory capital divided by RWA. The minimum CRAR, the individual risk weights and the operational/market-risk approaches are all set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — hold the right quality of capital, not just the quantity. Capital is tiered. Common Equity Tier 1 (CET1) — paid-up equity and reserves — is the highest, loss-absorbing layer; Additional Tier 1 and Tier 2 instruments sit above it. The framework sets a minimum for CET1, for Tier 1, and for total CRAR, so a bank cannot meet the headline ratio with weak instruments alone. The exact minimum for each tier is set by the RBI — told to confirm on the official source.

Step 3 — carry the buffers on top of the minimum. Above the minimum CRAR the bank holds a Capital Conservation Buffer (CCB) of CET1; a Countercyclical Capital Buffer can be switched on by the RBI in exuberant times; and a systemically important bank (D-SIB) carries an additional surcharge. Eating into the buffer is allowed but triggers restrictions on discretionary distributions (dividends, buybacks, bonuses) until it is rebuilt — the buffer is meant to be usable in stress, not breached casually. The buffer sizes and the distribution-restriction grid are set by the RBI — told to confirm on the official source.

Step 4 — run ICAAP, the leverage ratio and board oversight; report to the RBI. Beyond the minimum (Pillar 1), the bank runs its own Internal Capital Adequacy Assessment Process (ICAAP) under Pillar 2 to judge whether it holds enough capital for all its risks, stress-tests its capital plan, and watches a non-risk-based leverage ratio as a backstop. The board owns the capital plan; the ratios are reported to the RBI on the prescribed returns and disclosed under Pillar 3. The ICAAP expectations, leverage minimum and disclosure formats are set by the RBI — told to confirm on the official source.

Step 1 — hold enough high-quality liquid assets to cover a 30-day stress (LCR). The bank computes its expected net cash outflows over a 30-day stress scenario — deposits running off, lines being drawn — and holds a stock of High Quality Liquid Assets (HQLA) (cash, central-bank reserves, eligible government securities) at least equal to it, so LCR = HQLA / net 30-day outflows stays above the regulatory minimum. The minimum LCR, the HQLA categories and haircuts, and the deposit run-off / inflow rates are all set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — fund long-term assets with stable funding (NSFR). Over a one-year horizon the bank keeps Available Stable Funding (capital, retail and other sticky deposits, long-term wholesale funds) at least equal to the Required Stable Funding its assets demand, so it is not financing illiquid loans with flighty overnight money. The available- and required-stable-funding factors are set by the RBI — told to confirm on the official source.

Step 3 — monitor, govern and report. The bank measures both ratios on the prescribed frequency, runs internal liquidity stress tests and an early-warning framework, sets a board-approved liquidity-risk appetite and contingency funding plan, and reports LCR / NSFR (and supporting monitoring tools) to the RBI on the prescribed returns with public disclosure. The reporting frequency, formats and disclosure requirements are set by the RBI — told to confirm on the official source.

Step 4 — a buffer to be used, not breached casually. The HQLA stock is meant to be drawn down in genuine stress — a bank may fall below the minimum LCR during a real liquidity event — but it must promptly inform the RBI and restore the ratio, and persistent or unexplained breaches invite supervisory action. The conditions for permitted drawdown and the supervisory response are set by the RBI — told to confirm on the official source.

Step 1 — measure the risk two ways. The bank assesses IRRBB through both lenses the RBI prescribes: an earnings lens — how net interest income changes over a short horizon if rates shift (a repricing / gap analysis) — and an economic-value lens — how the present value of the banking book (the “Economic Value of Equity”, EVE) changes when the yield curve is shocked. The standardised shock scenarios, time buckets and the EVE / NII measurement approach are set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — apply the prescribed interest-rate shock scenarios. The bank runs its book through a set of standardised yield-curve shocks (parallel up / down, steepener, flattener, short-rate up / down) and measures the change in EVE and in projected earnings, including behavioural assumptions for non-maturity deposits, prepayments and embedded options. The exact shock sizes, the supervisory outlier threshold and the behavioural-modelling constraints are set by the RBI — told to confirm on the official source.

Step 3 — govern within a board-set risk appetite. The board sets the IRRBB risk appetite and internal limits; the ALCO (Asset-Liability Management Committee) monitors gaps and the EVE / earnings sensitivity against those limits, decides hedging (e.g. duration management, interest-rate swaps), and escalates breaches. The limit framework and ALM governance expectations are set by the RBI — told to confirm on the official source.

Step 4 — report, disclose and stay below the outlier test. The bank reports its IRRBB measures to the RBI on the prescribed returns and makes the prescribed disclosures; if the economic-value impact of the standard shocks exceeds the supervisory outlier threshold (a defined share of capital), it draws supervisory attention and may face additional capital or corrective action under Pillar 2. The reporting formats, disclosure templates and the outlier threshold are set by the RBI — told to confirm on the official source.

Step 1 — monitor the prescribed risk indicators. The RBI tracks each bank against a small set of headline risk thresholds — broadly its capital (the CRAR / CET1 ratio), its asset quality (the Net NPA ratio) and its leverage (the leverage ratio). The exact indicators, the threshold levels and the risk-category bands are set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — breach a threshold → enter a PCA risk category. If a bank crosses one of these thresholds it is placed under PCA in a graded risk category (the deeper the breach, the higher the category and the tighter the constraints). The categorisation and the breach levels that trigger each band are set by the RBI — told to confirm on the official source.

Step 3 — mandatory and discretionary corrective actions apply. Once under PCA the bank faces a defined set of restrictions — mandatory ones (such as curbs on dividend distribution and profit remittance) plus discretionary supervisory actions that can include limits on branch expansion, restrictions on certain lending or balance-sheet growth, higher provisioning, and management / governance interventions — all aimed at conserving capital and de-risking the balance sheet. The precise menu of mandatory vs discretionary actions for each category is set by the RBI — told to confirm on the official source.

Step 4 — restore, then exit PCA. The bank works back above the thresholds — raising capital, reducing NPAs, strengthening governance — and once it sustains the required indicators (typically over a monitored period and confirmed by on-site supervision) the RBI lifts PCA and the restrictions fall away. The exit criteria and the sustained-compliance period are set by the RBI — told to confirm on the official source.

Step 1 — the bank decides, but a rejection routes through the Internal Ombudsman. The customer complains to the bank and the bank examines it under its grievance policy. Before the bank issues a full or partial rejection (or fails to resolve within the prescribed period), the case must be referred to the bank’s independent Internal Ombudsman (IO) for review — an apex internal check so the bank does not reject valid complaints on its own. The categories that must be auto-escalated to the IO and the IO’s mandate are set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — the customer can approach the RBI Ombudsman. If the bank rejects the complaint, does not reply within the prescribed period, or the customer remains dissatisfied, the customer may file — free of charge — with the RBI Ombudsman under the Integrated Ombudsman Scheme, through the RBI’s online portal, email or post. The eligibility conditions, the cooling-off / waiting period and the time limit for filing are set by the RBI — told to confirm on the official source.

Step 3 — conciliation, then an Award. The Ombudsman first tries to settle the dispute by agreement / conciliation; failing that, the Ombudsman can pass an Award directing the bank to remedy the deficiency and, where applicable, pay compensation for the customer’s loss (and a separate capped amount for harassment / mental anguish). The compensation ceilings and the Award process are set by the RBI — told to confirm on the official source.

Step 4 — binding effect, appeal and the bank’s duties. An accepted Award binds the bank, which must comply within the prescribed time; the bank (or customer) has a defined right of appeal to the RBI Appellate Authority. Throughout, the bank must display the RB-IOS / Ombudsman details at branches and on its website and name a Principal Nodal Officer. The compliance timelines, appeal rights and display obligations are set by the RBI — told to confirm on the official source.

Step 1 — supervisory action escalates to a moratorium. If a bank’s position keeps deteriorating despite PCA and other supervisory measures, the RBI can recommend, and the Central Government can impose, a moratorium on the bank under the Banking Regulation Act — a defined period during which the bank’s obligations are frozen / capped to stabilise it and protect depositors while a resolution is arranged. The grounds for a moratorium and its maximum duration are set by statute — told to confirm on the official source rather than quoted from memory.

Step 2 — depositors are protected by DICGC deposit insurance. Every eligible depositor of an insured bank is covered by the Deposit Insurance and Credit Guarantee Corporation (DICGC), a wholly-owned RBI subsidiary, up to a prescribed limit per depositor per bank (covering principal and interest together, across all accounts in the same right and capacity). If a bank goes into liquidation or is otherwise unable to pay, DICGC settles eligible claims within a prescribed window; even during a moratorium, depositors can be allowed access to their insured amount. The exact cover limit and the payout timeline are set by the DICGC framework — told to confirm on the official source. See the Deposit Insurance dashboard.

Step 3 — resolution by amalgamation, merger or a scheme. While the moratorium runs, the RBI prepares a scheme of amalgamation / reconstruction — typically merging the failing bank into a stronger bank (or restructuring it) so deposits and operations continue with minimal disruption. The scheme sets how depositors, borrowers, employees and shareholders are treated and is notified by the Government on the RBI’s recommendation. The mechanics and approvals of a resolution scheme are set by the RBI / statute — told to confirm on the official source.

Step 4 — continuity and the depositor’s position. On amalgamation, the transferee bank generally honours deposits per the scheme so most depositors face no loss; where a bank is instead liquidated, DICGC cover up to the prescribed limit is the depositor’s primary protection and any balance above it ranks as a claim in the liquidation. The order of priority and any haircuts are governed by the applicable law — told to confirm on the official source.

Step 1 — a board-approved operational-risk framework. The board sets the bank’s operational-risk appetite and approves a framework covering people, process, systems and external events, operated through the three lines of defence (the business owns its risks; an independent risk & compliance function oversees; internal audit assures). Losses and near-misses are captured, and key risk indicators are tracked. The governance structure and reporting lines are set by the RBI / the bank’s policy — told to confirm on the official source rather than quoted from memory.

Step 2 — map critical operations and set impact tolerances. The bank identifies the services whose disruption would cause the most harm to customers, the bank or financial stability, maps the people, processes, technology, data and third parties each depends on, and sets impact tolerances — the maximum tolerable level and duration of disruption. The classification of “critical” operations and how tolerances are set follow the RBI’s operational-resilience guidance — told to confirm on the official source.

Step 3 — business continuity, disaster recovery and third-party resilience. Each critical operation is backed by a Business Continuity Plan and tested disaster-recovery arrangements (alternate sites, data backups, recovery objectives), and the resilience of material outsourced / third-party dependencies is assured — the accountability stays with the bank, dovetailing with the outsourcing scenario. Recovery-time / recovery-point objectives are set by policy within the RBI framework — told to confirm on the official source.

Step 4 — incident management, testing and RBI reporting. The bank runs an incident-management process to detect, contain, recover from and learn from operational disruptions, validates the framework through scenario analysis and resilience testing, and reports material incidents / outages to the RBI within the prescribed window with board oversight of the lessons learned. The incident-tiering and reporting timelines are set by the RBI — told to confirm on the official source.

Step 1 — board-approved climate-risk governance and strategy. The board takes ownership of climate-related financial risk, embeds it into the bank’s existing risk-management framework and business strategy, and assigns clear roles and responsibilities for identifying, monitoring and managing it. The governance expectations and how climate risk is to be embedded are set by the RBI’s guidance — told to confirm on the official source rather than quoted from memory.

Step 2 — identify and assess physical and transition risk across the book. The bank maps the channels through which climate risk transmits into its traditional risk categories — credit, market, liquidity and operational risk — and runs a materiality assessment across sectors, geographies and collateral types to find concentrations of exposure. The assessment methodology follows the RBI’s climate-risk guidance — told to confirm on the official source.

Step 3 — scenario analysis and stress testing. The bank builds a forward-looking capability to test its resilience to climate scenarios over both short and long horizons, and feeds the results into capital and liquidity planning (dovetailing with ICAAP / capital adequacy). The scope, scenarios and horizons are set by the RBI framework — told to confirm on the official source.

Step 4 — disclosure under the RBI climate-related financial risk disclosure framework. The bank discloses its climate-related financial risk across the four pillars — governance, strategy, risk management, and metrics & targets — on the phased timeline the RBI prescribes. The applicability, the precise disclosure contents and the phased go-live dates are set by the RBI — told to confirm on the official source.

Step 1 — charter, independence and Audit Committee oversight. The Audit Committee of the Board (ACB) approves an internal-audit policy / charter and owns the function. Internal audit is kept independent of the business lines it reviews — it reports functionally to the ACB, and the Head of Internal Audit is given the stature, tenure and unrestricted access needed to do the job without conflict. The governance and reporting-line expectations are set by the RBI’s RBIA framework — told to confirm on the official source rather than quoted from memory.

Step 2 — risk assessment and the risk-based audit plan. The function builds an audit universe of auditable units and scores each on inherent risk and the strength of its controls to derive a residual risk rating. That rating drives the plan: higher-risk units are audited more frequently and in greater depth, lower-risk units less so. The risk-assessment methodology and the planning approach follow the RBI’s RBIA guidance — told to confirm on the official source.

Step 3 — execution, risk rating and reporting to the ACB. Audits are conducted, each unit is assigned a risk rating, findings are reported to the ACB with clear ownership and timelines, and the closure of issues is tracked to completion. Specialised reviews — concurrent audit of high-risk transactions and IS / information-systems audit — supplement the RBIA where required. The scope, periodicity and rating mechanics are set by the RBI — told to confirm on the official source.

Step 4 — independence safeguards, quality assurance and the RBI supervisory interface. The bank protects the function’s independence (no auditing of one’s own work, no operational responsibilities), runs a quality-assurance programme over the audit process, and ensures critical / outsourced activities are within audit scope. A robust RBIA underpins the RBI’s own supervisory assessment of the bank. The applicability, the periodicity and the precise scope are set by the RBI — told to confirm on the official source.

Step 1 — what the ratio is. The Leverage Ratio is Tier 1 capital divided by a total exposure measure, expressed as a percentage. Unlike CRAR it applies no risk weighting — every rupee of exposure counts, so the ratio constrains absolute balance-sheet (and off-balance-sheet) size. The bank keeps the ratio at or above the RBI minimum. The exact minimum is set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — building the total exposure measure. The denominator brings together on-balance-sheet exposures, derivative exposures, securities-financing transactions (SFTs) such as repo and reverse-repo, and off-balance-sheet items converted via the prescribed credit-conversion factors. Netting is allowed only within the limited bounds the framework permits. The precise composition, the conversion factors and the netting rules follow the RBI’s leverage-ratio guidance — told to confirm on the official source.

Step 3 — minimum, buffers and monitoring. The bank monitors the ratio continuously and keeps it above the RBI minimum; Domestic Systemically Important Banks (D-SIBs) may carry an additional leverage buffer on top. The ratio is tracked through the capital-planning / ICAAP process so a drift towards the floor triggers corrective action before it is breached. The minimum, any D-SIB add-on and the measurement frequency are set by the RBI — told to confirm on the official source.

Step 4 — governance, reporting and disclosure. The board and ALCO own the leverage-risk appetite, the ratio is reported to the RBI at the prescribed frequency, and it is publicly disclosed under Pillar 3 so the market can see the bank’s leverage. A healthy leverage ratio reassures depositors and supervisors that headline capital strength is not an artefact of low risk weights. The reporting cadence and the disclosure format are set by the RBI — told to confirm on the official source.

Step 1 — what the ratio is. NSFR is Available Stable Funding (ASF) divided by Required Stable Funding (RSF), measured over a one-year horizon and kept at or above the RBI-prescribed minimum. ASF is how much of the bank’s funding is expected to stay for a year; RSF is how much stable funding the bank’s assets and off-balance-sheet activity need over a year. The exact minimum is set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — the funding side (ASF): reward stable money. Each funding source is weighted by how durable it is. Capital and genuinely long-term borrowings carry the highest ASF factors; stable retail and small-business deposits carry high factors; short-term wholesale and inter-bank funding that can run carries low factors. The lesson the ratio teaches: fund the book with money that stays, not with hot wholesale balances that vanish under stress.

Step 3 — the asset side (RSF): penalise illiquid, long assets. Each asset and off-balance-sheet item is weighted by how much stable funding it ties up. Cash and high-quality liquid assets carry low RSF factors (they can be sold or pledged), while long-dated loans, illiquid securities and encumbered assets carry high RSF factors because they cannot easily be turned into cash. Lengthening the loan book or locking up collateral therefore raises the stable funding the bank must hold against it.

Step 4 — govern it: ALCO ownership, monitoring, reporting and disclosure. The board sets the structural-funding appetite and the Asset-Liability Committee (ALCO) manages the maturity profile so the ratio stays above the floor; the bank monitors NSFR within its funding plan and ICAAP, reports it to the RBI and discloses it under Pillar 3. A drift towards the minimum is an early warning to lengthen funding or shorten/liquefy assets — the same discipline that, if breached prudentially, can draw supervisory intervention. The exact minimum, the ASF/RSF factors, the maturity buckets and the disclosure format are set by the RBI — told to confirm on the official source.

Step 1 — identify all material risks. ICAAP starts by going beyond Pillar 1 to capture risks the standard minimums under-count or omit — concentration risk, interest-rate risk in the banking book (IRRBB), liquidity risk, credit concentration, residual, reputational, strategic and climate-related risk. The board approves what counts as material. The list and the materiality thresholds are the bank’s own, framed by the RBI’s ICAAP expectations — told to confirm on the official source.

Step 2 — assess and quantify the capital need. For each material risk the bank estimates the capital it should hold, using methods proportionate to its size and complexity. It then forms a view of total internal capital — the capital required to remain solvent through its own risk profile, not merely the Pillar 1 floor. This is owned by the board and senior management, not delegated to a model. The methodologies are the bank’s own under RBI guidance — told to confirm on the official source.

Step 3 — stress test and plan capital forward. The bank runs forward-looking stress tests across a multi-year horizon — macro downturns, idiosyncratic shocks, combined scenarios — and checks that capital stays above the regulatory minimums plus its buffers throughout. The capital plan ties ICAAP to the business plan, dividend policy and the leverage and structural-funding ratios, so a drift towards any floor triggers management action before it is breached. The stress scenarios and the horizon follow RBI expectations — told to confirm on the official source.

Step 4 — the supervisory dialogue (SREP) and the outcome. The bank documents the ICAAP and submits it to the RBI, which runs its Supervisory Review and Evaluation Process (SREP) — challenging the assumptions, methods and governance. Where the RBI judges that risks are under-provided, it can require the bank to hold capital above the Pillar 1 minimum or take other supervisory measures; an unaddressed shortfall can escalate to Prompt Corrective Action. The submission frequency, the SREP cadence and any add-on are set by the RBI — told to confirm on the official source.

Step 1 — who must be reported. CRILC is the RBI’s system-wide repository of large-credit information. A bank reports each borrower whose aggregate exposure (fund-based plus non-fund-based) is at or above the RBI-prescribed reporting threshold, so the RBI and every other lender can see the borrower’s total bank debt in one place. The exact exposure threshold and which entities must report are set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — the SMA early-warning ladder. Before default, the account is graded by how long dues have been outstanding into Special Mention sub-categories — broadly an incipient-stress bucket (principal/interest overdue but only briefly), then progressively longer-overdue buckets as the delay lengthens. The ladder is an early-warning signal, not yet an NPA: it tells the bank and the system that stress is building. The exact day-count bands that define each SMA sub-category are set by the RBI — told to confirm on the official source.

Step 3 — the reporting cadence. CRILC submissions follow the RBI’s prescribed frequency — a periodic full return plus more frequent reporting once an account crosses into the more-stressed SMA buckets or actually defaults, so the system is alerted quickly. The bank’s data must be accurate and reconciled across lenders, because CRILC is only as useful as the quality of what every bank files. The exact return formats, the periodic vs event-driven cadence and the data fields are set by the RBI — told to confirm on the official source.

Step 4 — what it triggers: visibility, coordination and resolution. Once a large account is flagged in CRILC and laddered through SMA, lenders can no longer treat it in isolation: the shared view drives coordinated monitoring and, when an account defaults, feeds the Prudential Framework for Resolution of Stressed Assets (review, inter-creditor agreement, resolution plan). Misreporting or delay in CRILC is itself a supervisory and penal concern. The governance, the resolution timelines and the consequences of misreporting are set by the RBI — told to confirm on the official source.

Step 1 — assemble the prescribed disclosure set. Pillar 3 is delivered through RBI-prescribed templates covering capital structure and adequacy (the CRAR and its CET1/Tier-1/Tier-2 build-up), the Leverage Ratio, the LCR and NSFR liquidity standards, credit-risk and credit-quality (including NPA/IRAC) exposures, market risk, interest-rate risk in the banking book, operational risk, remuneration and the regulatory-vs-accounting reconciliation. The exact template list and line items are set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — reconcile the numbers to the audited accounts. Pillar 3 figures must tie back to the same regulatory returns and audited financial statements the bank already files — the disclosure cannot tell a different story from the balance sheet. A reconciliation between the accounting balance sheet and the regulatory scope of consolidation is part of the set, so the published risk picture is consistent with the audited one. The reconciliation format is RBI-prescribed — confirm on the official source.

Step 3 — publish on the prescribed cadence and channel. The disclosures are made at the RBI’s prescribed frequency (some annually, some more frequently) and placed where the market can reach them — typically the bank’s website and the annual report, kept available for the prescribed retention period so the time-series is visible. Which template goes out at which frequency, the publication channel and the retention period are set by the RBI — told to confirm on the official source.

Step 4 — govern it and own the accuracy. Pillar 3 is not a marketing document: the board/senior management owns a formal disclosure policy, controls assure the figures are accurate and consistent with the regulatory returns, and material weaknesses are not omitted. Misstatement or omission is a supervisory and penal concern, because the whole point of market discipline is that the published numbers can be trusted. The governance, attestation and proportionality (smaller banks disclose proportionately less) are set by the RBI — confirm on the official source.

Step 1 — understand the supervisory model. RBS is forward-looking and risk-focused: rather than testing every transaction, the supervisor forms a view of the bank’s business risks and the strength of its controls and governance, and whether capital and oversight are adequate for that risk. It runs as a continuous cycle combining off-site surveillance (the data the bank files) with an on-site assessment. The precise framework, model and assessment dimensions are set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — furnish the supervisory inputs accurately. The bank submits the prescribed supervisory returns and data templates and a self-assessment on the prescribed cadence; the supervisor’s risk picture is only as good as this data, so accuracy and reconciliation to the audited accounts and regulatory returns matter, and misreporting is itself a supervisory and penal concern. The exact return set, formats and submission timelines are RBI-prescribed — confirm on the official source.

Step 3 — the assessment and the risk rating. The supervisor examines governance, the risk-management framework and the control environment, weighs inherent risk against control strength, and assigns a risk-based supervisory rating; it then frames a risk-mitigation / monitorable action plan setting out the weaknesses the bank must remediate. The rating scale, the assessment granularity and the supervisory-engagement intensity (more supervision for higher-risk banks) are set by the RBI — told to confirm on the official source.

Step 4 — remediate, track closure, and the escalation ladder. The bank acts on the supervisory findings and the action plan within the given timelines, with the board / Audit Committee owning closure and evidencing it back to the supervisor. Unaddressed or severe weaknesses can escalate — to closer monitoring, Prompt Corrective Action on breach of the PCA thresholds, or enforcement. The remediation timelines, the closure-evidence expectations and the escalation triggers are set by the RBI — confirm on the official source.

Step 1 — understand what is in scope. The directive applies to entities in the payment-system ecosystem and concerns the data relating to payment transactions — broadly the end-to-end transaction details that the bank and its partners process. What exactly counts as payment data, which entities are covered and how any limited cross-border processing is to be handled are set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — map the data and the supply chain. The bank inventories every place payment data is created, processed, switched, stored or copied, including outsourced processors, payment gateways, card networks and cloud regions, and identifies anything that holds or replicates that data outside India. This data-flow map is the foundation for both the localisation fix and the bank’s wider cyber and customer-data controls.

Step 3 — bring storage onshore and govern any cross-border processing. The bank arranges for the payment data to be stored within India and, where a transaction is processed abroad, handles the foreign-leg data the way the RBI requires (for example any permitted return/purge of offshore copies). Contracts with processors and the bank’s cloud and outsourcing arrangements are updated so the localisation obligation flows through to every vendor, with the bank remaining accountable. The precise storage, processing and any deletion timelines are RBI-prescribed — confirm on the official source.

Step 4 — evidence, audit and report compliance. The bank documents the arrangement, obtains the prescribed compliance confirmation / system audit assurance, and reports to the RBI in the prescribed manner; the board and the relevant risk/IT committees own ongoing compliance, and any change of processor or cloud region is re-assessed against the directive. The exact audit, certification and reporting requirements and their cadence are set by the RBI — told to confirm on the official source.

Step 1 — understand what is in scope and who may still store the card number. CoFT concerns the actual card number (and related data) held on file by merchants and other intermediaries to enable repeat payments. The framework restricts who may continue to store it (broadly the card issuer and the card network), requires everyone else to use tokens instead, and sets the customer-consent and additional-factor-of-authentication conditions for creating a token. Exactly which entities may store card data, what data must be purged and the consent mechanics are set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — inventory every place a card number is stored. The bank maps its own systems and its outsourced processors, payment gateways and merchant relationships to find every datastore, log, backup and analytics copy that holds an actual card number. This card-data map is the foundation for both the tokenisation switch and the bank’s wider cyber and data-localisation controls.

Step 3 — tokenise, then purge. With customer consent and the prescribed authentication, the bank/merchant has the card network generate a token for each card-on-file, re-points recurring mandates, refunds and saved-card checkout to the token, and then deletes the actual card numbers that it is no longer permitted to store. Contracts with gateways and outsourced processors are updated so the no-storage / token-only obligation flows through every vendor, with the bank remaining accountable. The permitted retention (for example the last few digits for identification) and the purge timeline are RBI-prescribed — confirm on the official source.

Step 4 — govern, evidence and monitor. The bank documents the arrangement, ensures transaction flows (including refunds, chargebacks and reconciliation) work on tokens, and keeps the board and the relevant risk/IT committees accountable for ongoing compliance; any new merchant, gateway or processor is on-boarded token-only and re-assessed against the framework. The exact certification, audit and any reporting requirements and their cadence are set by the RBI — told to confirm on the official source.

Step 1 — classify the PPI and confirm authorisation. PPIs are broadly grouped by where they can be spent — closed-system (issuer’s own goods/services only, generally outside the PPI framework), semi-closed (a defined network of accepting merchants) and open-system (usable anywhere, card-network rails, issued by banks). A non-bank issuer needs RBI authorisation to operate; banks issue under their banking licence subject to the framework. Exactly which entity may issue which category, the authorisation route and the minimum net-worth are set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — match the KYC tier to the loading, balance and usage limits. The framework distinguishes a minimum-detail / small PPI (limited loading, balance and usage, and a path to convert) from a full-KYC PPI (higher limits and broader functionality). The issuer maps each product to its KYC tier and applies the prescribed per-load, monthly-load, outstanding-balance and cash-loading/withdrawal conditions, and the validity and re-loadability rules. The exact limits, KYC tiers and conversion timelines are RBI-prescribed — confirm on the official source.

Step 3 — safeguard the float and enable interoperability. The outstanding balance customers have loaded is not the issuer’s money: a non-bank issuer holds it in an escrow account with a scheduled commercial bank, ring-fenced and reconciled, so customers can always redeem. Full-KYC PPIs are required to be interoperable — usable across UPI and card networks — and any stored card data follows the tokenisation rules. The escrow mechanics, permitted debits/credits and the interoperability mandate are set by the RBI — confirm on the official source.

Step 4 — protect customers, govern and report. The issuer wires in customer protection — limited liability for unauthorised transactions, transaction alerts, a grievance-redressal channel feeding the RBI Ombudsman, and clear validity/redemption disclosure — and keeps the board and risk/IT committees accountable for ongoing compliance, system audit and the prescribed RBI reporting. The exact customer-protection, audit and reporting requirements and their cadence are set by the RBI — told to confirm on the official source.

Step 1 — decide PA vs PG, and confirm authorisation + net-worth. The first question is whether the entity touches the money: an aggregator that receives and settles merchant funds is a PA and needs RBI authorisation and a prescribed minimum net-worth (banks provide PA services under their existing licence within the framework); a gateway that only routes the transaction without handling funds is a PG. The exact net-worth threshold, the application route and the timeline to reach/maintain it are RBI-prescribed — told to confirm on the official source rather than quoted from memory.

Step 2 — onboard merchants with due diligence. The PA cannot simply sign up anyone: it runs KYC / customer due diligence on every merchant, checks the merchant’s website/app for prohibited activity, and is responsible for the conduct of the merchants it onboards. The merchant-onboarding, background-check and ongoing-monitoring obligations — including for any outsourced onboarding — are set by the RBI; confirm the current requirements on the official source.

Step 3 — ring-fence the money: escrow + settlement discipline. The customer’s money the PA collects is not the PA’s money: it must sit in an escrow account maintained with a scheduled commercial bank (the PA may not co-mingle it with its own funds), and is settled to merchants within the prescribed settlement cycle. The PA also may not store actual card data — it relies on network tokens — and keeps payment data within India per data-localisation. The exact escrow mechanics, permitted credits/debits to the escrow and the settlement (T+n) timelines are RBI-prescribed — confirm on the official source.

Step 4 — protect customers, secure the rails, govern and report. The PA puts in place a baseline technology and security posture, a customer grievance-redressal channel escalating to the RBI Ombudsman, a refund/chargeback process, and board-level accountability for the programme; any new merchant, gateway or outsourced processor is on-boarded within the framework and re-assessed. The exact security baseline, customer-protection rules and the prescribed audit/certification and reporting cadence are set by the RBI — told to confirm on the official source.

Step 1 — identify the layer. Placement turns on asset size, activity and systemic importance. Broadly: most NBFCs sit in the Base Layer (smaller, non-deposit-taking, lower-risk activities); larger deposit-taking and non-deposit-taking-systemically-important NBFCs and certain specialised categories sit in the Middle Layer; a small set of the largest NBFCs that RBI specifically identifies by a parametric scoring methodology sit in the Upper Layer; and the Top Layer stays empty unless RBI judges that an Upper-Layer NBFC poses extreme systemic risk. The exact size thresholds, the activity carve-outs and the Upper-Layer scoring method are set by RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — apply the layer’s prudential norms. Regulatory intensity rises with the layer. Across the layers RBI calibrates the net-owned-fund / minimum capital entry bar, the capital adequacy (CRAR) expectation, the NPA recognition timeline (the framework moved the overdue cut-off towards the banking standard), provisioning, concentration / large-exposure limits and, for the Upper Layer, bank-like extras such as a common-equity / leverage expectation, differential standard-asset provisioning and a mandatory listing requirement within a set period. Higher layer → more banking-like the rulebook. The exact ratios and timelines are set by RBI — told to confirm on the official source.

Step 3 — apply the layer’s governance & conduct norms. SBR also scales board and governance requirements — fit-and-proper criteria, board committees (audit, risk, nomination), a chief compliance officer and chief risk officer for larger NBFCs, a board-approved policy on KYC and digital lending conduct, ceilings on certain exposures (e.g. loans to directors / IPO financing), and disclosure. Upper-Layer NBFCs face the most demanding set, close to a bank’s. The applicable committees, officer mandates and conduct ceilings per layer are set by RBI — told to confirm on the official source.

Step 4 — monitor, report and move layers. An NBFC’s layer is not static: crossing a size threshold, or being named by RBI to the Upper Layer, pulls the entity up into a stricter regime, usually with a glide path to comply. The NBFC tracks its own metrics, furnishes the prescribed supervisory returns to RBI, and remediates gaps before they trigger supervisory action — the same escalation logic that, for prudential breaches, can draw Prompt Corrective Action. The transition timelines and return formats are set by RBI — told to confirm on the official source.

Step 1 — confirm it is a microfinance loan. The defining tests are that the loan is collateral-free and made to a household whose annual income does not exceed an RBI-set ceiling; the household (not the individual) is the unit of assessment. Income is assessed and, beyond a small-ticket threshold, validated against a board-approved method. The exact household-income ceiling and the assessment method are set by RBI — told to confirm on the official source rather than quoted from memory.

Step 2 — size it against repayment capacity. The framework caps the household’s monthly loan-repayment obligations — across all its loans from all lenders, not just this one — at a board-approved percentage of monthly household income. The lender pulls the household’s existing obligations (using credit-bureau / CIC data), tests the proposed EMI against the cap, and declines or resizes if the household is already at its limit. The cap percentage and how obligations are computed are set by RBI / board policy — told to confirm on the official source.

Step 3 — price it transparently. The Directions removed the old margin/interest ceiling but require each lender to adopt a board-approved interest-rate policy with a ceiling on the rate, to keep pricing non-usurious, and to disclose the all-in cost in a standardised factsheet / key-fact statement. There is no pre-payment penalty, no recovery of anything beyond the disclosed cost, and the same rate must apply to comparable borrowers. The pricing-policy contents and disclosure format are set by RBI — told to confirm on the official source.

Step 4 — conduct, recovery & reporting. Apply the borrower-protection code: no coercive recovery, a defined recovery-at-a-designated-place practice, a dedicated grievance-redressal route (escalating to the RBI Ombudsman), and rules on outsourced recovery agents. Report the loan and conduct to all Credit Information Companies, and where the loan is sourced through an app apply the Digital Lending conduct rules. The conduct code, recovery norms and reporting cadence are set by RBI — told to confirm on the official source.

Step 1 — membership & what gets reported. The lender holds membership of all four CICs and submits each borrower’s account data in the bureaus’ common data-submission format — identity, the facility, sanctioned and outstanding amounts, the repayment track, days-past-due and the asset-classification / write-off / settlement status. The data set, the format and the membership obligation are set by CICRA and the RBI — told to confirm on the official source.

Step 2 — submit accurately, on the prescribed cadence. Data must be furnished on the RBI-prescribed periodic cycle and be accurate and complete; the RBI has tightened reporting to a more frequent cycle and requires lenders to explain rejections and reconcile data the CIC could not load. The exact submission frequency and the rejection-handling timeline are set by the RBI — told to confirm on the official source rather than quoted from memory.

Step 3 — corrections, grievance & compensation. When a borrower disputes an entry, the lender must investigate and correct or update the data within the RBI-prescribed window, and a nodal officer / grievance route must exist (escalating to the RBI Ombudsman). The RBI framework also provides for compensation to the borrower if a complaint is not resolved within the prescribed period. The correction window, the grievance route and the compensation rule are set by the RBI — told to confirm on the official source.

Step 4 — consumer rights: free report & update alerts. The framework gives every individual a free full credit report from each CIC at the RBI-prescribed frequency, and requires lenders / CICs to alert the borrower (SMS / email) whenever their credit information is accessed or their default / days-past-due status is reported. The lender wires these alerts and honours the free-report entitlement. The free-report frequency and the alert triggers are set by the RBI — told to confirm on the official source.

Step 1 — a board-approved Financing Framework comes first. Before raising a single rupee the bank adopts a board-approved policy / Financing Framework for issuing and allocating green deposits: the deposit products and tenors, that they are denominated in Indian rupees, how proceeds are tracked and temporarily parked pending allocation, and the governance for the whole cycle. The framework is the gate — the exact contents and any cap/cumulative limits are set by the RBI, told to confirm on the official source.

Step 2 — allocate proceeds only to eligible green activities (the taxonomy). Proceeds may fund only the eligible green project categories the framework lists — typically renewable energy, energy efficiency, clean transportation, green buildings, sustainable water and waste management, pollution prevention, and climate-change adaptation — and must avoid the excluded uses (e.g. fossil-fuel and certain carbon-intensive activities). The full eligible-and-excluded list is set by the RBI, told to confirm on the official source rather than assumed.

Step 3 — independent third-party verification & an impact assessment. The allocation is not self-certified: an independent third-party verification / assurance checks that the funds actually went to eligible green projects in line with the framework, and an impact assessment reports the environmental effect of the financed projects. The cadence (e.g. annual) and the scope of the verification and impact assessment are set by the RBI, told to confirm on the official source.

Step 4 — disclose, report and protect the depositor. The bank places a review report and disclosures — amounts raised, projects financed by category, unallocated proceeds, and the third-party-verification and impact-assessment findings — before its Board and in the public domain (e.g. annual financial statements / website). Crucially, depositor protection is unaffected: a green deposit carries the bank’s normal deposit obligations, and a failure to allocate or a shortfall does not change the depositor’s contractual rights to interest and repayment. The disclosure format and timeline are set by the RBI, told to confirm on the official source.

Step 1 — decide the category up front from the business model + cash-flow test. Classification is made at acquisition, not after the fact. A security can go to HTM only if the bank’s objective is to hold it to collect contractual cash flows and those cash flows are solely payments of principal and interest; otherwise it sits in AFS (held both to collect and to sell) or FVTPL/HFT (held to trade / not meeting the other tests). The precise eligibility conditions and any instrument-specific carve-outs are set by the RBI, told to confirm on the official source.

Step 2 — value each category by its rule. HTM is generally carried at cost (with the usual amortisation and impairment discipline); AFS is marked to fair value with the net unrealised movement taken to a separate AFS-Reserve in equity rather than the P&L; FVTPL/HFT is marked to fair value straight through the profit and loss account. The exact valuation hierarchy and treatment of each bucket are set by the RBI, told to confirm on the official source.

Step 3 — transfers between categories are tightly controlled. Moving a security from one category to another (e.g. out of HTM) is restricted and, where allowed, follows a defined process with board approval and disclosure conditions — the framework deliberately limits reclassification so the category cannot be used to flatter results. The conditions, timing windows and any approval requirements are set by the RBI, told to confirm on the official source.

Step 4 — govern, recognise income and disclose. The whole portfolio runs under a board-approved investment policy: income recognition, periodic valuation, the symmetric treatment of gains and losses, and disclosures (including movements in the AFS-Reserve) all flow from it and feed the bank’s capital and financial statements. The disclosure format, valuation cadence and capital interactions are set by the RBI, told to confirm on the official source.

Step 1 — appoint an independent IO. The bank appoints the IO as a fixed-tenure, senior figure who has not previously worked for that bank, is not below a prescribed seniority, and reports administratively to the MD/CEO but functionally to the Board / Customer Service Committee — so the IO can overrule the line management whose decisions are being reviewed. Removal before term needs the higher governance / RBI safeguards. The exact eligibility, tenure, seniority floor and removal conditions are set by the RBI, told to confirm on the official source.

Step 2 — auto-escalate every rejected complaint to the IO. The defining mechanic: when the bank’s internal grievance-redressal machinery decides to reject or only partly uphold a customer complaint, that decision must be referred to the IO before the reply goes to the customer. The customer never has to ask — escalation is automatic and free. The IO independently examines the complaint and the bank’s proposed rejection. The categories that are auto-referred (and any carve-outs) are set by the RBI, told to confirm on the official source.

Step 3 — act on the IO’s decision, within time. If the IO agrees with the customer, the bank implements the relief; if the IO upholds the rejection, the bank’s final reply to the customer must state that the complaint was examined by the Internal Ombudsman. The IO works to defined timelines and certain matters are excluded from its remit (for example fraud / vigilance and staff/HR matters). The decision timeline and the excluded categories are set by the RBI, told to confirm on the official source.

Step 4 — oversight, reporting and the RBI-Ombudsman handoff. The Board / Customer Service Committee oversees the IO’s functioning, the bank furnishes the prescribed reporting to the RBI, and the IO process is an internal layer — distinct from, and exhausted before, the external RBI Ombudsman (RB-IOS), which the customer may approach only after the bank’s internal route (including the IO) is complete or the reply window lapses. The oversight cadence, reporting format and handoff window are set by the RBI, told to confirm on the official source.

Step 1 — capture the issuer’s positive-pay confirmation. When the customer writes a cheque at or above the RBI-set value threshold, the issuer submits the cheque’s key particulars — typically the cheque number, cheque date, payee name and amount (and the account) — to the bank through an approved channel (net/mobile banking, branch, ATM, SMS). The bank stores this as the “positive pay” record against that cheque. Whether PPS is mandatory above the threshold or optional below it, the exact value threshold, the data fields required and the submission cut-off are set by the RBI, told to confirm on the official source.

Step 2 — match at presentation in CTS. When the beneficiary deposits the cheque and it is presented for clearing through CTS, the drawee bank compares the presented cheque against the issuer’s positive-pay record. A clean match on the confirmed fields lets the cheque proceed to payment in the normal clearing flow. The matching scope and which discrepancies are flagged are set by the RBI / clearing house (NPCI), told to confirm on the official source.

Step 3 — handle a mismatch (or a missing confirmation). If a confirmed field does not match — or, where PPS is mandatory, the issuer never submitted the details for an above-threshold cheque — the item is flagged so the banks can act before honouring it, and it may be returned with the appropriate reason rather than paid blindly. The bank does not silently pass a discrepant high-value cheque. The precise treatment of mismatches and missing confirmations, and the return reasons, are set by the RBI / NPCI, told to confirm on the official source.

Step 4 — disclosure, dispute and records. The bank tells customers about PPS and (where applicable) makes it a condition for clearing the largest-value cheques, keeps an auditable record of the confirmation and the match result, and routes any customer dispute through the bank’s grievance-redressal machinery. PPS reduces the population of disputed/tampered cheques feeding the unauthorised-transaction and fraud processes. The customer-awareness, record-keeping and dispute-handling expectations are set by the RBI, told to confirm on the official source.

Step 1 — register the e-mandate with one-time authentication. At set-up the customer authenticates once (with AFA) and authorises a recurring debit with a defined maximum amount, frequency and validity period. The mandate is registered against the customer’s card or account and a unique mandate reference is created, so every later debit can be traced to a standing authorisation rather than a fresh instruction. The permissible channels (card, UPI, account) and the data captured at registration are set by the RBI, told to confirm on the official source.

Step 2 — send a pre-debit notification before every charge. Ahead of each recurring debit the bank/merchant must send the customer an advance pre-debit notification stating the amount and date, a set time before the debit, giving the customer a window to review, pause or opt out. No recurring debit may be attempted without that prior notice. The notification lead-time, contents and channel are set by the RBI, told to confirm on the official source.

Step 3 — apply AFA, with the recurring-transaction exemption. The first / registration transaction carries full Additional Factor of Authentication; subsequent recurring debits are processed without AFA only where the transaction is within the RBI’s specified value limit for the recurring-transaction exemption. A debit above that limit requires explicit AFA on each occasion (an additional OTP/approval), so high-value recurring charges are never auto-debited silently. The exact AFA-exemption value limit and the above-limit handling are set by the RBI, told to confirm on the official source.

Step 4 — honour modification, cancellation, disclosure and disputes. The customer can modify or cancel the mandate at any time through a simple facility, and a cancelled mandate must stop all further debits. The bank discloses the mandate terms up front, keeps an auditable trail, and routes any wrong or unexpected debit through the unauthorised-transaction and grievance-redressal processes. The cancellation facility, any velocity / per-debit controls and the reporting are set by the RBI, told to confirm on the official source.

Step 1 — disclose the benchmark and reset mechanics at sanction. At the time of sanction the bank must clearly communicate the benchmark, the spread, the reset periodicity and how a change in the benchmark feeds into the EMI and/or the tenor. The borrower is told, up front, that a rise in the benchmark can raise the EMI, lengthen the tenor, or both — and what choices they will have at each reset — so a later rate rise is never a surprise. The disclosure contents and format are set by the RBI, told to confirm on the official source.

Step 2 — at each reset, give the borrower the prescribed options. When the benchmark resets, the bank communicates the revised rate and its effect and offers the borrower the ability to switch to a fixed rate, to increase the EMI, to extend the tenor, or to part- or full-prepay — in any permitted combination. Crucially, a tenor extension must not run so far that the EMI fails to cover the interest (negative amortisation); where it would, the borrower’s explicit consent and an EMI/tenor fix are required. The exact menu of options, any limits on the number of switches and the negative-amortisation guard are set by the RBI, told to confirm on the official source.

Step 3 — disclose switching / prepayment charges and keep the borrower informed. Any charges or service costs for switching from floating to fixed, or for foreclosure / prepayment, must be disclosed transparently in the sanction letter and at each reset — never buried. The bank provides a statement at appropriate intervals showing the principal and interest recovered, the EMI, the annualised rate and the number of EMIs left, so the borrower can see the running impact and decide. The disclosable charges and statement cadence are set by the RBI, told to confirm on the official source.

Step 4 — make the options accessible, auditable and disputable. The borrower must be able to exercise these options through accessible channels, the bank keeps an auditable trail of each reset and election, and any complaint about a wrong reset, an undisclosed charge or an unconsented tenor extension is routed through the grievance-redressal and RBI Ombudsman processes. The channels, record-keeping and redressal requirements are set by the RBI, told to confirm on the official source.

Step 1 — identify a “failed transaction” across each authorised channel. A failed transaction is one where the customer’s account is debited but the intended outcome does not occur — cash not dispensed at an ATM, a card / POS / e-commerce charge that does not complete, a UPI / IMPS / NEFT / RTGS / AePS / e-mandate transfer where the beneficiary is not credited, or a points-of-sale reversal not effected. The framework lays down a channel-by-channel TAT (the time within which the failed debit must be reversed) for each authorised payment system; the exact channel list and per-channel TAT windows are set by the RBI, told to confirm on the official source.

Step 2 — auto-reverse within the prescribed TAT, without a customer claim. The reversal must be automatic (system-driven), not contingent on the customer raising a complaint. The bank credits the failed amount back to the account within the channel’s TAT, and where the underlying switch / NPCI / network confirms the failure the reversal is initiated on its own. The cut-off (e.g. by a stated number of days from the transaction date) and the start point of the TAT clock are set by the RBI, told to confirm on the official source.

Step 3 — pay compensation for any delay beyond TAT. If the reversal is not effected within the prescribed TAT, the bank must pay the customer compensation for the delay — typically a fixed amount for each day of delay beyond the window — credited suo motu (on its own) to the same account, again without the customer having to ask. The per-day compensation amount and the exact day from which it accrues are set by the RBI, told to confirm on the official source.

Step 4 — make it visible, auditable and disputable. The bank gives the customer accessible channels to report a failed transaction, keeps an auditable record of the debit, the reversal and any compensation, and routes any complaint about a missing reversal or unpaid compensation through the grievance-redressal and, on escalation, the RBI Ombudsman processes. This TAT/compensation duty for failed transactions sits alongside — and is distinct from — the zero-liability framework for unauthorised electronic transactions. The reporting channels, record-keeping and redressal requirements are set by the RBI, told to confirm on the official source.

Step 1 — due diligence on the BC and who may be engaged. Before appointment the bank runs due diligence on the proposed BC — identity / KYC, background and reputation, financial soundness, and fit-and-proper checks — and confirms the entity or individual falls within the categories RBI permits to act as a Business Correspondent. The eligible categories, any bar on who may act, and the engagement model (direct or through a corporate BC) are set by the RBI, told to confirm on the official source.

Step 2 — scope the permissible services and the banking outlet. A BC can deliver the basic banking services RBI permits — typically small-value deposits and withdrawals, account opening with KYC, remittances, recovery of small-value credit, and financial-literacy / facilitation work — from a banking outlet mapped to a named controlling branch. The bank remains the principal: the BC acts on its behalf, not on its own account. The precise permissible-activity list and any per-transaction or per-day value caps are set by the RBI, told to confirm on the official source rather than assumed.

Step 3 — protect the customer: transparency, pricing, cash and data. The bank must ensure the BC does not charge the customer anything beyond what the bank itself transparently discloses, that the customer gets a receipt / acknowledgement and the transaction is reflected in the bank’s books, that cash is reconciled and settled within the prescribed timeframe so float risk does not sit with the agent, and that customer data and confidentiality are protected. The fee / charge rules, the cash-settlement timeline and the data-protection requirements are set by the RBI, told to confirm on the official source.

Step 4 — supervision, liability and grievance. The bank stays liable for the acts and omissions of its BC and must supervise — a named controlling branch within a reasonable distance, periodic visits and audit, and a clear grievance-redressal route for customers served through the BC. Any complaint about overcharging, a missing credit or agent conduct flows through the grievance-redressal and, on escalation, the RBI Ombudsman processes, and account opening at the outlet still follows the KYC framework. The distance norms, oversight cadence and supervisory requirements are set by the RBI, told to confirm on the official source.

Step 1 — offer nomination and register it on the prescribed form. The bank should offer the nomination facility at account opening / locker hiring and record the customer’s choice — either a registered nominee or a conscious decision not to nominate. Nomination is made on the prescribed nomination form for the relevant product (deposit account, safe-deposit locker, or article in safe custody) and is acknowledged to the customer. The exact form designations and the number of nominees permitted per product are set by the RBI / the governing rules, told to confirm on the official source rather than assumed.

Step 2 — explain what a nominee is, and is not. A nominee is a trustee / receiver who is paid the balance or handed the locker contents to hold on behalf of the legal heirs — nomination decides who the bank pays, not who finally owns the money; ownership is still governed by succession law. This is the key point the co-pilot surfaces so the customer is not misled. The precise legal effect is set by the governing statute / RBI guidance, told to confirm on the official source.

Step 3 — allow variation and cancellation any time. The customer (the account / locker holder) can add, change or cancel a nomination during their lifetime using the prescribed variation / cancellation form; the latest valid registration on the bank’s record governs. For joint accounts and joint lockers the rules on who may nominate and the survivor’s position apply. The forms, joint-holder rules and any witnessing requirement are set by the RBI / governing rules, told to confirm on the official source.

Step 4 — on death, settle to the nominee with minimal friction. Where a valid nomination exists, the bank settles the deposit balance to the registered nominee — and for a locker / safe-custody article, releases the contents to the nominee (with the surviving hirer where applicable) after the prescribed inventory process — without insisting on succession certificates or legal-heir documentation for that payment. Where there is no nomination, the deceased-depositor claim route with the bank’s settlement policy applies, and any dispute flows through grievance redressal and, on escalation, the RBI Ombudsman. The settlement steps, the locker inventory procedure and the documentation limits are set by the RBI, told to confirm on the official source.

Step 1 — confirm eligibility and that the facility is offered. The bank confirms the customer falls in the eligible group RBI specifies for doorstep banking — senior citizens at or above the prescribed age and differently-abled / incapacitated persons — and that the customer maintains an account with the branch. RBI requires banks to make doorstep banking available to these groups and to publicise it; the exact qualifying age and the eligibility definition are set by the RBI, told to confirm on the official source rather than assumed.

Step 2 — scope the permissible doorstep services. Doorstep banking typically covers basic financial and non-financial services — pickup of cash / instruments, delivery of cash against a withdrawal, delivery of demand drafts, submission of KYC documents and life certificates, and similar — rendered at the customer’s home through bank staff or an authorised agent, with the bank remaining responsible. The precise list of permissible services and any per-transaction value cap are set by the RBI / the bank’s board-approved policy, told to confirm on the official source.

Step 3 — protect and inform the customer: charges, identity and acknowledgement. The bank must transparently disclose any charges for the doorstep service up front (no hidden or excess fees), authenticate the customer and the visiting official, give a receipt / acknowledgement for cash or instruments handled, and reflect the transaction in the bank’s books so the customer is never exposed to agent float risk. The fee structure and the verification controls are set by the RBI / the bank’s policy, told to confirm on the official source.

Step 4 — turnaround, refusal handling and grievance. The bank should serve the request within a reasonable, disclosed turnaround and must not unreasonably refuse an eligible customer; a refusal or delay is a customer-service lapse. Any complaint — refusal, overcharging, a missing credit or staff conduct — flows through the grievance-redressal process and, on escalation, the RBI Ombudsman; identity / account checks still follow the KYC framework. The expected turnaround and the service-quality requirements are set by the RBI, told to confirm on the official source.

Step 1 — classify the instrument and set definite collection timeframes. The policy separates local cheques (payable in the same clearing zone, now largely same-/next-day under cheque-truncation clearing) from outstation cheques, and publishes a definite maximum timeframe within which the proceeds will be credited for each category. The exact clearing windows are set by the RBI / the bank’s board-approved CCP, told to confirm on the official source rather than assumed.

Step 2 — immediate credit of outstation instruments up to a board-set limit. RBI expects banks to offer immediate credit of outstation cheques / drafts up to a limit fixed in the board-approved policy, so a customer is not made to wait for clearing on small instruments (with the bank able to recover interest if the instrument is later returned unpaid). The immediate-credit ceiling and the recovery terms are set by the bank’s CCP within the RBI framework, told to confirm on the official source.

Step 3 — pay the customer for delay (delayed-collection interest). If collection runs beyond the timeframe the policy promises, the bank must pay interest / compensation for the delay automatically — without the customer having to ask — at the rate and on the basis the policy specifies (typically a savings-rate band, stepping up for extraordinary delay). The applicable rate and the step-up basis are set by the RBI / the bank’s CCP, told to confirm on the official source.

Step 4 — cheques lost in transit, charges and grievance. The policy must cover instruments lost in transit / in clearing — promptly informing the customer, helping obtain a duplicate, and bearing related costs — and set transparent collection charges with no hidden fees. Any dispute over a delayed credit, a missing instrument or a wrong charge flows through the grievance-redressal process and, on escalation, the RBI Ombudsman; an account-credit failure on electronic legs is handled under the failed-transaction TAT framework. The loss-in-transit compensation basis and the charge schedule are set by the bank’s CCP within the RBI framework, told to confirm on the official source.

Step 1 — detect and impound a suspected counterfeit; never return it. A note suspected forged is impounded, not returned to the tenderer and not recirculated; the branch stamps it as a counterfeit/forged note per the prescribed format, issues an acknowledgement to the tenderer, and records the instrument. Detection of forged notes at the counter is a statutory obligation, not a customer favour. The exact stamping format and the per-transaction detection thresholds are set by the RBI currency framework, told to confirm on the official source.

Step 2 — report counterfeits and follow the police-referral rules. Impounded forged notes are reported to RBI / the authorities and, where the number tendered in a single transaction crosses the RBI-specified count, the matter is referred to the police under the laid-down procedure — while treating a bona-fide tenderer with courtesy (the customer is not presumed an offender). The single-transaction count that triggers a police referral and the reporting route are set by the RBI framework, told to confirm on the official source.

Step 3 — exchange genuine soiled / mutilated notes under the note-refund rules. Genuine but soiled notes are exchanged at full value across the counter; mutilated / imperfect notes are paid at full or half value depending on the area of the single largest undivided piece under the note-refund adjudication rules, with designated branches handling the more complex pieces. The exact area fractions, the full-vs-half cut-offs and any per-day piece limits are set by the RBI (Note Refund) Rules, told to confirm on the official source.

Step 4 — no charge, no refusal, and escalation. Exchange of soiled / mutilated notes and small coins is a free, no-questions facility at the branch — refusal to accept or exchange is itself a deficiency. A customer denied exchange, charged a fee, or whose genuine note is wrongly rejected can route the complaint through the grievance-redressal process and, on escalation, the RBI Ombudsman. The list of designated exchange branches, the value ceilings and the adjudication basis are set by the RBI currency framework, told to confirm on the official source.

Step 1 — consent, an officer-led live session and liveness. V-CIP is a real-time, officer-driven video call (not a pre-recorded or customer-only flow) begun with the customer’s explicit consent. The official confirms the customer is physically present and live (a liveness / randomised-question check defeats spoofing) and that the session is seamless, secure and domestic-originated. The exact liveness controls and the originating-IP / domestic-location requirement are set by the RBI KYC framework, told to confirm on the official source. Recent RBI guidance has further hardened V-CIP against deepfake and synthetic-media spoofing — the officer-led liveness / randomised-question check is expected to catch AI-generated (deepfake) impersonation, and the recorded session is to be captured in a tamper-evident, audit-logged form that cannot be altered after the fact. The exact deepfake-detection and tamper-evidence requirements and their effective date are set by the RBI KYC framework, told to confirm on the official source.

Step 2 — capture identity via an RBI-permitted route. Identity is established through a permitted route — Aadhaar OTP e-KYC / Aadhaar Offline XML, or capturing the customer reading out and displaying an Officially Valid Document (OVD) — with the official performing a face match between the live customer and the document/Aadhaar photo and verifying the PAN. Aadhaar numbers are masked / redacted as required. The list of permitted identity routes and the masking rules are set by the RBI KYC framework, told to confirm on the official source.

Step 3 — quality, geotagging and a clean record. The session must have clear audio and video, capture a live photograph and geotag of the customer, and be recorded and time-stamped with the official’s identity logged, so the whole interaction is auditable. The activity is carried out by trained officials of the bank (not outsourced to the customer), and the recording is retained under the KYC record-keeping rules. The quality, geotag and retention specifications are set by the RBI KYC framework, told to confirm on the official source.

Step 4 — concurrent audit, risk category and ongoing KYC. V-CIP onboarding is subject to concurrent audit to confirm authenticity, the account is assigned a risk category and periodic-updation schedule, the beneficial owner is identified, and AML obligations (sanctions screening, STR reporting) continue exactly as for branch onboarding — see the KYC / CDD and AML / STR scenarios. Any onboarding dispute routes through the grievance-redressal process and, on escalation, the RBI Ombudsman. The concurrent-audit cadence and the periodic-updation periods are set by the RBI KYC framework, told to confirm on the official source.

Step 1 — the lead-bank role and the district mandate. Each district is assigned a lead bank that acts as the convenor for all banks and government line-departments in that district — it does not displace other lenders but coordinates them. A designated Lead District Manager (LDM) anchors the work on the ground. The criteria for designating a lead bank and the LDM’s remit are set by the RBI Lead Bank Scheme, told to confirm on the official source.

Step 2 — the review forums. Coordination runs through a tiered set of committees — the Block-Level Bankers’ Committee (BLBC) at block level, the District Consultative Committee (DCC) and District-Level Review Committee (DLRC) at district level, and the State-Level Bankers’ Committee (SLBC) at state level — each meeting on a set cadence to review credit flow, government-sponsored schemes and grievances. Which forums exist, who chairs them and how often they meet are set by the RBI Lead Bank Scheme, told to confirm on the official source.

Step 3 — building the District Credit Plan. The lead bank aggregates branch-level and bank-level lending intentions into an Annual Credit Plan / District Credit Plan, mapped against the district’s potential-linked credit plan and priority-sector and government-scheme needs, so credit is planned, not ad hoc. The planning template, the potential-linked basis and any sectoral allocation are set by the RBI Lead Bank Scheme / NABARD framework, told to confirm on the official source.

Step 4 — financial inclusion, monitoring and review. The lead bank monitors banking-outlet coverage of unbanked centres, the rollout of government-sponsored and financial-inclusion programmes, and actual versus planned credit — escalating gaps through the DCC / SLBC and feeding the national Financial Inclusion Index. It pairs with the priority-sector and Business Correspondent scenarios, and customer disputes still route through the grievance-redressal process. The coverage norms, monitoring metrics and review cadence are set by the RBI Lead Bank Scheme, told to confirm on the official source.

Step 1 — allotment, the model agreement and a transparent waiting list. The branch does customer due diligence on the applicant, allots a locker against a board-approved, RBI-model locker agreement (a stamped copy given to the customer), and maintains a branch-wise waiting list with acknowledged numbers so allotment is transparent and not arbitrary. The model-agreement clauses and the waiting-list display norms are set by the RBI Safe Deposit Locker framework, told to confirm on the official source.

Step 2 — rent, term-deposit security and no tying. The bank may take a term deposit as security to cover up to a defined number of years’ rent plus break-open charges, but cannot insist on the locker hirer buying unrelated products, and rent is collected up front for the agreed term. The permitted security-deposit basis, the rent-recovery mechanism and the prohibition on tying are set by the RBI Safe Deposit Locker framework, told to confirm on the official source.

Step 3 — access logging, alerts and the bank’s liability. Locker access is logged, and the bank sends an email / SMS alert on each operation and on any unauthorised attempt, with secure-area CCTV and record retention. Where loss is due to the bank’s own negligence, fraud by staff, or events like fire, theft or building collapse, the bank’s liability is capped at a multiple of the annual locker rent; the bank is not liable for force-majeure events outside its control, and the customer is told not to store prohibited or hazardous items. The exact liability multiple, the alert triggers and the retention period are set by the RBI Safe Deposit Locker framework, told to confirm on the official source.

Step 4 — nomination, non-payment break-open and exit. The hirer may nominate (see the nomination scenario) so contents pass smoothly on death; on persistent non-payment of rent or a dormant locker the bank follows a notice-then-break-open procedure with an inventory before independent witnesses, and on surrender the locker is closed and any security released. Any dispute routes through the grievance-redressal process and, on escalation, the RBI Ombudsman. The notice periods, the break-open and witnessing procedure and the dormancy trigger are set by the RBI Safe Deposit Locker framework, told to confirm on the official source.

Step 1 — fix the threshold and make capture available on every channel. PPS applies to cheques at or above a value threshold; the issuer re-submits the cheque’s particulars — date, payee name, amount and cheque number — through any convenient channel (net / mobile banking, SMS, ATM or branch) before presenting it. The exact value threshold (and whether the bank makes it mandatory above a higher internal limit) is set by the RBI / the bank’s board-approved policy, told to confirm on the official source rather than assumed.

Step 2 — match the presented cheque against the issuer’s confirmation at clearing. When the cheque is presented through CTS, the clearing system compares the scanned instrument against the details the issuer registered. A clean match clears normally; a mismatch is flagged to the drawee and presenting banks for redress before payment, so an altered or fabricated cheque is caught at source. The matching tolerances and the exception-handling steps are set by the RBI / NPCI CTS rules, told to confirm on the official source.

Step 3 — tell customers clearly and keep it fair. The bank must inform customers of the facility and how to register, and disclose the consequence of not registering a high-value cheque (it may be returned or held under the bank’s policy). Awareness is part of the RBI customer-service expectation, so the messaging is transparent and the registration channels are genuinely accessible. The disclosure wording and any return-handling rule are set by the bank’s board-approved policy within the RBI framework, told to confirm on the official source.

Step 4 — wire PPS into the wider controls. PPS sits alongside the Cheque Collection Policy (collection timeframes and delayed-credit interest) and the bank’s fraud-risk-management controls; a disputed PPS-related return or a wrongful debit flows through grievance redressal and, on escalation, the RBI Ombudsman. Where the disputed payment rode an electronic leg, the failed-transaction TAT framework applies. How PPS exceptions feed the fraud and grievance workflows is set by the bank’s policy within the RBI framework, told to confirm on the official source.

Step 1 — clear the eligibility gates first. Before any dividend, the bank must have met the minimum capital adequacy (CRAR) applicable to its category for the prescribed preceding years and kept its Net NPA at or below the prescribed ceiling on the reference date; it must also have complied with the applicable provisioning, transparency and statutory-reserve requirements. The exact CRAR floor by bank category, the number of qualifying years and the Net-NPA ceiling are set by the RBI Directions, told to confirm on the official source rather than assumed.

Step 2 — cap the payout by the asset-quality matrix. Even when eligible, the dividend payout ratio (dividend as a share of the year’s net profit) is capped, and the ceiling tightens as Net NPA rises across the prescribed bands — a cleaner book permits a higher payout, a weaker book a lower one. The board computes the payout ratio on the prescribed basis and stays within the matrix. The exact Net-NPA bands and the payout-ratio ceilings against each band are set by the RBI Directions, told to confirm on the official source.

Step 3 — declare by the board within the framework; no case-by-case RBI nod where criteria are met. Where the bank satisfies the eligibility and payout conditions, the dividend is declared by the board without seeking prior RBI approval for that declaration; provisioning gaps, any assessed divergence in asset classification, and other regulatory conditions must be squared off first. A foreign bank’s branch remitting profit follows the parallel route in the framework. The conditions that switch off board discretion and require a reference to RBI are set by the Directions, told to confirm on the official source.

Step 4 — wire it into capital planning, PCA and reporting. A dividend is a capital outflow, so it is tested against the bank’s capital adequacy and ICAAP plan; a bank under Prompt Corrective Action faces dividend restrictions as part of the PCA constraints. The declared dividend is then reported to RBI in the prescribed return within the prescribed time. How the payout interacts with PCA limits and the reporting return / timeline are set by the RBI framework, told to confirm on the official source.

Step 1 — confirm the gateway and the trigger. The framework applies only where the outstanding is at or above the prescribed amount and the default is wilful — i.e. one of the defined events: default despite capacity to repay, diversion of funds to a purpose other than the sanctioned one, siphoning of funds out of the borrower, or disposal of secured assets without the lender’s consent. A mere business failure or genuine inability to pay is not wilful default. The amount threshold and the precise definition of each trigger are set by the RBI, told to confirm on the official source.

Step 2 — the Identification Committee examines the evidence. A first-stage Identification Committee examines the facts (account conduct, end-use / forensic findings, asset movement) and, if satisfied a wilful-default event has occurred, issues a show-cause notice to the borrower, the promoters, the directors / guarantors and persons in charge. They are given a fair opportunity to make a written representation within the prescribed time. The committee composition and the notice period are set by the RBI, told to confirm on the official source.

Step 3 — the Review Committee passes a reasoned order. The representation goes to a second-stage Review Committee (chaired at the prescribed senior level) which hears the borrower if sought, records a reasoned, speaking order and only then confirms the wilful-defaulter classification. The decision must be fair, evidence-based and documented end to end — this two-stage, natural-justice process is what makes the classification defensible. The committee level and the timeline to conclude are set by the RBI, told to confirm on the official source.

Step 4 — report and apply the consequences. A confirmed wilful defaulter is reported to the Credit Information Companies in the prescribed return, and the downstream bars apply: no additional credit from any lender, a restriction on the promoters floating new ventures for the prescribed period, and the lender pursuing recovery, legal and (where applicable) criminal action. Classification can be removed only through the prescribed review if the grounds no longer hold. Run any restructuring or exit through the stressed-asset resolution, one-time settlement and ARC sale routes. The reporting return, the new-venture bar period and the removal process are set by the RBI, told to confirm on the official source.

Step 1 — confirm the approval gate. Only an AD Category-I bank may operate this mechanism, and it must obtain prior approval from the RBI before opening an SRVA for a correspondent bank of the partner country. A “vostro” account is simply the partner bank’s rupee account held on the Indian bank’s books (“your account with us”), as opposed to a nostro account (the Indian bank’s account abroad). Whether prior approval is required for each arrangement and what the application must contain are set by the RBI, told to confirm on the official source.

Step 2 — due diligence on the correspondent bank. Before opening the SRVA the AD bank runs KYC / AML and correspondent-banking due diligence on the partner bank, checks it is not from a jurisdiction flagged by the relevant authorities, and obtains the prescribed financial and ownership information. The exact due-diligence standard and any restricted-jurisdiction list are set by the RBI / FEMA framework, told to confirm on the official source.

Step 3 — invoice and settle the trade in INR. The export or import is invoiced in Indian Rupees; the overseas buyer pays its domestic bank, which funds the SRVA, and the Indian exporter is paid in rupees out of that account (and the mirror flow for imports). The exchange rate between the two currencies is market-determined. How the rate is arrived at and any documentation/EDPMS-IDPMS reporting for the underlying trade are set by the RBI / FEMA framework, told to confirm on the official source.

Step 4 — permitted use of the rupee balances, reporting and compliance. Surplus balances in the SRVA may be deployed only for the permitted purposes — typically payments for projects and trade, investment in government securities, and other uses the RBI allows — and the arrangement carries ongoing FEMA reporting and compliance. The full list of permitted uses, any investment caps and the reporting returns are set by the RBI, told to confirm on the official source. For the macro picture of cross-border flows see the inward-remittances dashboard.

Step 1 — identify the right Authorised-Person category. The scope of what you may do follows the category: an AD Category-I bank handles the full range of current- and capital-account transactions; AD Category-II and FFMCs handle a defined set of money-changing and specified remittance activities; and the lighter franchisee/agent tiers handle a narrower set. Which category fits the intended business, and the exact permitted activities for each, are set by the RBI under the FEMA Authorised Persons framework, told to confirm on the official source.

Step 2 — meet the eligibility & net-owned-funds conditions and apply for authorisation. An applicant must be a company incorporated in India meeting the prescribed minimum net-owned funds (NOF) for its category, with fit-and-proper management, and must apply to the RBI for an authorisation (a licence) before commencing business. The minimum NOF figures, the fit-and-proper tests and the application contents are set by the RBI, told to confirm on the official source — this co-pilot does not quote a NOF number.

Step 3 — run KYC/AML and operate within the permitted scope. An Authorised Person must apply the KYC / AML / CFT standards to every forex transaction, encash or sell currency only against valid documents, issue the prescribed receipts/encashment certificates, and stay strictly within the activities its authorisation permits. The transaction-level KYC thresholds, document requirements and the precise list of permitted activities are set by the RBI, told to confirm on the official source. For the cross-border-flow context see the inward-remittances dashboard.

Step 4 — reporting, renewal and conduct. The authorisation is time-bound and must be renewed, the AP files the prescribed periodic returns to the RBI, maintains the required records, displays its authorisation, and remains subject to RBI inspection and to suspension/cancellation for breaches. The validity period, the renewal procedure, the return formats and the conduct/penalty regime are set by the RBI, told to confirm on the official source. Note: the exact governing regulation and its effective date should themselves be confirmed on the official RBI source — this page does not cite a specific notification number.

Step 1 — stay within permitted money-changing transactions. Money changing is the purchase and sale of foreign currency notes, coins and travellers’ cheques against rupees, for permitted purposes such as private and business travel. What an FFMC versus an AD Category-II versus a restricted money changer may do, and the per-transaction value limits, are set by the Master Direction – Money Changing Activities, told to confirm on the official source.

Step 2 — documentation, encashment certificates and cash limits. Every transaction is done against the prescribed identification and declaration, the customer is issued an Encashment Certificate / receipt, and cash purchase/sale beyond the prescribed ceilings must follow the additional documentation and settlement-by-other-than-cash rules. The exact thresholds, the receipt formats and the record-retention period are set by the RBI, told to confirm on the official source — this co-pilot does not quote a cash limit.

Step 3 — the agent / franchisee model. An authorised dealer or FFMC may extend reach through franchisees / agents under an RBI-conformant agreement, but the principal remains responsible for the agent’s conduct, training, KYC/AML and selective on-site inspection. The eligibility of agents, the agreement contents and the principal’s oversight duties are set by the RBI framework, told to confirm on the official source.

Step 4 — other remittance facilities, KYC/AML, returns and audit. Beyond money changing, the Master Direction – Other Remittance Facilities covers the smaller outward/inward remittance facilities — for example certain miscellaneous remittances and facilities linked to the Liberalised Remittance Scheme (LRS) — each with its own purpose conditions. Across all of it the operator applies KYC / AML / CFT, files the prescribed periodic returns, and submits to concurrent/statutory audit and RBI inspection. The permitted facilities, the LRS purpose conditions and limits, the return formats and the audit cadence are set by the RBI, told to confirm on the official source. Note: the current version of each Master Direction and any recent amendment dates should themselves be confirmed on the official RBI source — this page does not assert a specific amendment.

Step 1 — screen at onboarding. Before opening the account the bank screens the applicant, beneficial owners and (for entities) directors/authorised signatories against the relevant sanctions and watch lists — the UNSC consolidated list designated under the framework, plus any other lists the rulebook applies — and checks for PEP status. The exact lists, the matching standard and how connected parties are captured are set by the rulebook (told to confirm on the official source).

Step 2 — handle a sanctions hit correctly. A confirmed match to a designated person is not an ordinary alert: the account is not opened (or is frozen if already live), no funds are dealt with, and the prescribed reporting to the designated authority is made. The bank distinguishes a true match from a false positive (name similarity) by documented adjudication, and never tips off the customer. The freeze/reporting obligations and timelines are statutory — told to confirm on the official source.

Step 3 — treat a PEP as higher risk. If the customer (or a beneficial owner / close connection) is a politically exposed person, the relationship moves to enhanced due diligence: senior-management sign-off to onboard or continue, establishing the source of funds and source of wealth, and closer ongoing monitoring. PEP status is a risk flag, not an automatic refusal; the precise EDD steps and approval level are set by the rulebook (told to confirm on the official source).

Step 4 — keep screening, and link to reporting. Screening is continuous, not one-off: the bank re-screens its book when sanctions lists are updated and on a periodic-review cadence, so a customer newly designated — or newly identified as a PEP — is caught. The list-refresh frequency and review cadence are set by the rulebook (told to confirm on the official source). Where screening surfaces genuinely suspicious activity, it feeds the Principal Officer / STR-to-FIU-IND process, and the same controls support the bank’s fraud governance. Records are retained for the prescribed period.

Step 1 — measure the position against target and sub-targets. PSL is assessed on the bank’s Adjusted Net Bank Credit (or an equivalent off-balance-sheet measure, whichever is higher) against an overall target and several sub-targets. The exact percentages, the sub-target list and the measurement basis are set by the rulebook (told to confirm on the official source). A shortfall on any line — not just the headline — can attract a consequence.

Step 2 — understand the consequence: allocation in lieu of shortfall. A PSL shortfall is generally not a cash fine in the ordinary sense: a bank that misses its target/sub-target is required to contribute the shortfall amount to the Rural Infrastructure Development Fund (RIDF) maintained with NABARD and/or other funds the RBI specifies, at the prescribed terms. These are typically lower-yielding deployments, so the shortfall carries a real opportunity cost. The funds, the allocation mechanics and the rate/tenor are set by the rulebook (told to confirm on the official source). Separately, persistent or wider non-compliance can draw supervisory action and monetary penalties — see the RBI penalty tracker.

Step 3 — close the gap with the permitted instruments. A bank short on a category can buy Priority Sector Lending Certificates (PSLCs) from banks with a surplus — trading the priority-sector achievement without transferring the underlying loan — and can originate eligible assets through co-lending with NBFCs, on-lending and other RBI-recognised routes. Each route has its own eligibility and classification rules (told to confirm on the official source).

Step 4 — report, and build it into planning. The bank reports its PSL achievement in the prescribed returns on the prescribed cadence, and treats PSL as a year-round origination target rather than a quarter-end scramble — aligning agriculture, MSME (KCC), weaker-section and micro-enterprise lending to the sub-targets so a shortfall, and its RIDF cost, is avoided in the first place. The return formats, cadence and any averaging basis are set by the rulebook (told to confirm on the official source).

Step 1 — clear the authorisation gate. Only a company holding a Certificate of Registration (CoR) as an NBFC-P2P from the RBI may operate a peer-to-peer lending platform. Registration turns on the company form, a minimum net-owned-funds floor, fit-and-proper management and a technology/operations readiness review. The exact net-owned-funds figure, the application route and the conditions of registration are set by the rulebook (told to confirm on the official source).

Step 2 — understand the platform-only role (what you may NOT do). An NBFC-P2P is an intermediary, not a lender: it may not lend on its own balance sheet, may not take deposits, may not provide or arrange any credit guarantee or credit enhancement, and may not hold lenders’ or borrowers’ funds on its own books. It connects participants, performs due diligence and documentation, prices/services as permitted, and earns a fee — the credit risk sits with the lenders. Cross-selling is restricted to permitted categories. The precise list of permitted and prohibited activities is set by the rulebook (told to confirm on the official source).

Step 3 — apply the exposure caps. The framework caps concentration on both sides: an aggregate ceiling on how much a single lender may have outstanding across all P2P platforms, an aggregate ceiling on how much a single borrower may take across all P2P platforms, a cap on a single lender’s exposure to the same borrower, and a maximum tenor on each loan. These caps are the heart of consumer protection on a P2P platform, so they are enforced and certified. Every one of those caps, the certification mechanism and the maximum tenor is set by the rulebook (told to confirm on the official source).

Step 4 — move money only through the escrow mechanism. Funds must never touch the platform’s own account: all disbursement and repayment flows pass through escrow accounts operated by a bank-promoted trustee — typically one escrow for funds from lenders pending disbursal and one for collections/repayments pending onward transfer — with no cash transactions permitted. The number of escrows, the trustee arrangement and the settlement mechanics are set by the rulebook (told to confirm on the official source).

Step 5 — disclose, treat fairly, redress, and report. The platform discloses borrower profile and risk to lenders and lender terms to borrowers, follows a fair-practices code and a recovery/outsourcing standard, runs a grievance-redressal mechanism with a nodal officer, protects data, and files the prescribed returns with the RBI on the prescribed cadence. The disclosure set, the fair-practices and recovery standards, and the return formats and timelines are set by the rulebook (told to confirm on the official source).

Step 1 — confirm what counts as a “banking outlet” and whether general permission applies. The framework works on the concept of a banking outlet (a fixed-point service-delivery unit, whether a full branch or a lighter outlet) rather than only a traditional branch. Domestic scheduled commercial banks generally have general permission to open, shift, convert or close banking outlets, while certain bank categories or certain centres may still need prior RBI approval. The exact definition of a banking outlet, which bank categories have general permission and which moves need prior approval are set by the RBI, told to confirm on the official source.

Step 2 — meet the unbanked-rural-centre (financial-inclusion) obligation. A defined minimum proportion of the banking outlets a bank opens in a financial year must be in unbanked rural centres (the lower-tier population centres that have no existing banking outlet). The exact required proportion, the tier/population definitions and how a centre is classified as “unbanked rural” are set by the RBI, told to confirm on the official source — this co-pilot does not quote a percentage. For the geography context see the Financial Inclusion Index dashboard.

Step 3 — act under a board-approved policy and report in the prescribed return. Opening, shifting, converting or closing outlets must follow a board-approved annual branch-expansion policy, and each action is reported to the RBI in the prescribed return within the prescribed time. Core-banking connectivity, customer-service, signage and grievance-display conditions apply to every outlet. The return formats, the reporting timelines and the service conditions are set by the RBI, told to confirm on the official source.

Step 4 — handle the special cases. Some situations carry extra conditions or need prior approval — for example specified centres (such as certain North-Eastern, hill or LWE-affected areas), and specific bank categories (foreign banks, regional rural banks, co-operative banks, small finance / payments banks). Which centres and categories attract prior approval or relaxations, and the conditions attached, are set by the RBI, told to confirm on the official source.

Step 1 — confirm the bank is an authorised agency bank and has the necessary agreement. Government business is conducted only by banks that the RBI has appointed / authorised as agency banks under its Government-business framework, typically backed by an agreement / memorandum of understanding with the RBI and the relevant government accounting authority. Whether a given scheduled commercial bank (public-sector or private) is authorised, for which governments and which types of business, and the onboarding conditions are set by the RBI, told to confirm on the official source.

Step 2 — map the eligible transactions: receipts and payments. Agency business broadly covers government revenue receipts (direct and indirect taxes, increasingly through electronic / e-payment channels), government payments (such as pension and other disbursements) and certain other government transactions. Which transaction categories are agency-commission-eligible — and which are specifically excluded — is defined by the RBI, told to confirm on the official source; this co-pilot does not quote any rate or category list.

Step 3 — remit Government money on time and observe the penal-interest discipline. Government receipts must be credited / remitted to the government account within the prescribed time; delayed remittance attracts penal interest. The remittance timelines, the penal-interest rate and how it is computed are set by the RBI, told to confirm on the official source — no figure is asserted here.

Step 4 — claim agency commission through the prescribed, audit-certified process. Agency commission for eligible transactions is claimed in the prescribed format, supported by the required auditor / official certification, and settled through the RBI. The applicable commission rates (per-transaction or turnover-based, by category), the claim format, the certification requirement and the settlement mechanism are set by the RBI, told to confirm on the official source.

Step 1 — route the package through the board’s Nomination & Remuneration Committee and a board-approved compensation policy. The bank must have a board-approved compensation policy designed and overseen by the Nomination & Remuneration Committee (NRC) of the Board, aligned to prudent risk-taking. Compensation of WTDs / MD&CEO additionally requires RBI prior approval / regulatory review. The exact governance steps, who is covered as an MRT, and the approval route are set by the RBI, told to confirm on the official source.

Step 2 — split the package into fixed and variable pay within the prescribed limits. Total compensation is structured as fixed pay (including perquisites) and variable pay linked to performance and risk outcomes. The RBI sets the cap on variable pay as a proportion of fixed pay and the mix of cash and share-linked instruments within variable pay. The applicable caps, the share-linked minimum and the treatment of perquisites are set by the RBI, told to confirm on the official source; this co-pilot quotes no percentage.

Step 3 — defer variable pay and vest it over time. Where variable pay exceeds a prescribed threshold, a minimum portion must be deferred over a vesting period, with a defined share delivered as share-linked instruments, so reward tracks risk that materialises later. The deferral threshold, the deferred proportion, the vesting horizon and the share-linked share are set by the RBI, told to confirm on the official source — no figure is asserted here.

Step 4 — build in malus / clawback and avoid guaranteed bonuses. The policy must provide malus (forfeiting unvested deferred pay) and clawback (recovering already-paid pay) on defined triggers such as risk, misconduct or restatement, and must restrict guaranteed / sign-on bonuses and golden-parachute-type arrangements. The trigger conditions, the look-back window and the restrictions are set by the RBI, told to confirm on the official source.

Step 1 — confirm eligibility and access. LAF and the standing facilities are open to eligible participants (scheduled commercial banks and certain other entities) holding a current account and an SGL/securities account with the RBI. Whether a given bank category may access each window, and the account and operational prerequisites, are set by the RBI, told to confirm on the official source.

Step 2 — borrow a deficit via variable/fixed-rate repo and, at the margin, the MSF. A bank short of funds can borrow against eligible collateral under LAF repo operations (fixed-rate and variable-rate auctions, of varying tenors), and as a last-resort overnight window can use the Marginal Standing Facility, which sits at the upper bound of the policy corridor. The eligible collateral, the haircuts, the auction tenors and the MSF rate and any limit are set by the RBI, told to confirm on the official source — this co-pilot quotes no rate.

Step 3 — park a surplus via the SDF (and variable-rate reverse repo). A bank with surplus funds can deposit them with the RBI under the Standing Deposit Facility — an uncollateralised absorption window that sets the lower bound of the corridor — or participate in variable-rate reverse-repo auctions. That the SDF is uncollateralised, its rate relative to the repo rate, and the reverse-repo mechanics are set by the RBI, told to confirm on the official source.

Step 4 — operate within the corridor, the rules and the reporting. All of this runs through the RBI’s electronic platform (e-Kuber / CBS), within the policy corridor (SDF at the floor, repo in the middle, MSF at the ceiling), and must respect bidding windows, settlement timing and the bank’s own CRR/SLR and LCR obligations — LAF/MSF/SDF manage frictional liquidity, they do not substitute for statutory reserves. The windows, timings, corridor width and any quantitative limits are set by the RBI, told to confirm on the official source.