Cyber Fraud In Bank - Case of a Bank Where The Independent Directors Failed To Make Necessary Disclosures Under The Corporate Governance Law
Corporate Governance Practice Audit
* Birendra K Jha, Independent Director, IICA (Ministry of Corporate Affairs); Corporate Governance Practice Audit; CSR Social Impact - CSR Planning & Implementation; Expert Company Law - SEBI Law - Social & Environmental Law. Email: birendrajha03@yahoo.com
The Independent Directors sitting on the boards of Banks have failed in executing their duties towards protecting Corporate Governance. Cyber Fraud, the cancer of the Banks, is growing geometrically at a fast rate. Here is a case where the Independent Directors failed to make the necessary disclosures under SEBI LODR Regulation 30 and to take effective "Post Measures" on monitoring Cyber Fraud. This reflects a quality problem and a vast skill gap among the Independent Directors. The Secretarial Compliance Audit has failed again here to detect this major lapse.
Background:
This is a SEBI LODR Regulation 30 violation by the Bank. The Independent Directors failed to provide proper governance on the severe lapse cited here. This Bank is listed on the NSE and BSE. In April 2024 the Reserve Bank of India imposed restrictions on this Bank, prohibiting:
a) Onboarding of new customers through digital channels.
b) Issuance of fresh credit cards.
The RBI took the action based on the deficiencies observed during the RBI IT examinations in the 2022–23 cycle. The ban was lifted in February 2025 after submission of an external auditor's validation report. This represents high-severity IT governance weaknesses. The depth of transparency regarding root cause and remediation scope needs to be tested from the investors' perspective and not through the RBI lens.
What Needed To Be Disclosed By The Company In The Interest Of The Investor:
The following disclosures are needed:
a) Name and scope of the external IT remediation auditor
b) Confirmation whether full enterprise IT Governance re- was performed or not ?
c) Review whether the Board's composition includes cyber fraud control governance expertise or not?
d) Confirm whether IT Department reporting lines were strengthened or not?
e) Track FY26 disclosures for recurrence risk signals.
f) Monitor credit card & digital growth rebound for system stability indicators.
g) Board level meeting on the IT Corporate Governance matter.
Two things are important here. The ban was imposed in 2024. This ban was removed in 2025 after an external IT Audit. Hence, complete transparency is needed here on the IT Auditor. This transparency is missing: who performed the job, what was the scope, what deficiencies it noted, etc. The Bank must clearly disclose whether the above-mentioned seven areas have been attended to or not.
This is a disclosure-related violation under SEBI LODR Regulation 30. The Bank did file intimations at both exchanges, the BSE and the NSE, on the imposition and the removal of the ban. This was a Material Event with severe financial impact. But the more important things were not disclosed: what was the root cause analysis, what was the countermeasure, etc.
This attracts financial implications. The immediate market and analyst reaction after the RBI ban was lifted came from analyst houses like Macquarie, UBS, Morgan Stanley & Goldman Sachs. All called the removal a positive catalyst for financial growth. The grounds for the removal of the ban after 10 months were not only a matter for the RBI; the investor, on the other side, also needed to be satisfied on the IT Compliance side. But this was not done.
For the satisfaction of the investor, the IT-related Corporate Governance disclosures are missing in the Annual Report. There is nothing on the areas of disclosure listed in the box.
Hence, this is clearly a disclosure compliance violation under SEBI LODR Regulation 30. The Independent Directors have failed in their duty to bring out this disclosure. Their duty is all the more clear in view of the following judgements from the Hon'ble Supreme Court of India and the various High Courts in India:
In State Bank of India Vs. Pallabh Bhowmick & Ors, the Hon'ble Supreme Court ruled: Banks must remain vigilant and use the best available technology to detect/prevent fraud.
In Hare Ram Singh Vs. Reserve Bank of India & Ors, the Hon'ble Delhi High Court emphasized that the bank, acting as agent of the customer, has an implied duty to exercise reasonable care and act swiftly on fraud detection.
These two important rulings bind the Independent Directors to remain more vigilant and to aggressively monitor cyber fraud cases. But the Independent Directors remained silent here and failed to execute their defined duty.
After the RBI ban on the stated Bank was removed, a cyber fraud incident was reported in the media (10 Feb 2026), in which, within minutes, a Delhi-based CA lost Rs 75,694 from a credit card. This credit card was from the same bank which was banned in 2024 by the RBI. This demonstrates that the IT-related Corporate Governance is still poor here, and it puts a question mark on the quality of the IT Audit.


