The RBI Master Direction on Fraud Risk Management and Monitoring in NBFCs (issued September 28, 2023) applies to all deposit-taking NBFCs, non-deposit-taking NBFCs with asset size of ₹500 crore and above, Housing Finance Companies, and Core Investment Companies. It mandates the establishment of a Fraud Risk Management framework including Board-approved policies, a dedicated Fraud Risk Management function, classification criteria for fraud events, and timely reporting obligations to RBI. The framework requires NBFCs to implement a four-lines-of-defence model, conduct fraud risk assessments, establish early warning systems, and report frauds to the Central Fraud Registry within specified timelines. It aligns NBFC fraud management practices with banking sector standards while recognising the distinct operational characteristics of NBFCs.

• Establishes uniform fraud classification and reporting standards across the NBFC sector, enabling better sectoral surveillance and early detection of systemic fraud patterns
• Mandates Board and Senior Management oversight through dedicated committees, ensuring fraud risk management receives strategic attention and adequate resource allocation
• Requires integration with Central Fraud Registry and Central Repository of Information on Large Credits (CRILC), enabling cross-institution fraud pattern recognition and prevention of fraud migration
• Prescribes timeline-bound reporting obligations (within 3 weeks of detection for frauds ≥₹1 lakh) ensuring regulatory visibility and swift supervisory intervention
• Mandates staff accountability measures, fraud awareness training, and whistle-blower mechanisms creating a culture of fraud prevention and ethical conduct

• Many smaller NBFCs lack sophisticated fraud analytics capabilities and technological infrastructure required for real-time transaction monitoring and pattern recognition systems
• Definition of 'fraud' versus 'operational loss' remains subjective, leading to inconsistent classification across NBFCs and potential under-reporting of genuine fraud events
• Limited guidance on fraud risk management in digital lending partnerships and fintech collaborations where NBFCs act as balance sheet lenders but lack operational control
• Forensic investigation capabilities are inadequate in mid-sized NBFCs with many relying on external agencies without internal expertise to guide investigations or preserve digital evidence
• Cross-border fraud tracing mechanisms are weak, particularly for NBFCs involved in trade finance or international remittances where fraudsters exploit jurisdictional gaps

• DHFL (Dewan Housing Finance Corporation Limited) fraud case exposed in 2019 involved siphoning of over ₹31,000 crore through fraudulent related-party transactions and layered company structures, highlighting gaps in related-party monitoring and governance oversight that the current framework addresses through enhanced Board scrutiny.
• In 2022, several gold loan NBFCs including Manappuram Finance reported instances of gold pledge frauds where customers pledged counterfeit or gold-plated ornaments, leading RBI to mandate specific fraud risk controls for collateral-based lending and physical verification protocols under the framework.
• Punjab & Maharashtra Cooperative Bank fraud involving HDIL exposed how NBFCs' exposure to builder-promoter frauds necessitated the Central Fraud Registry integration, after DHFL and other NBFCs were found to have extended credit to the same fraudulent promoters without cross-institutional fraud alerts.

• Invest in advanced fraud analytics platforms with machine learning models trained on India-specific fraud typologies including KYC fraud, digital lending app frauds, and cash loan scams prevalent in NBFC operations
• Establish dedicated fraud investigation units with certified forensic professionals rather than relying solely on internal audit teams, and create standard operating procedures for digital evidence preservation
• Develop collaborative fraud intelligence sharing mechanisms beyond regulatory reporting, including industry consortiums and real-time alerting systems for emerging fraud modus operandi across NBFCs
• Strengthen third-party risk management frameworks specifically for digital lending partnerships, fintech integrations, and collection agencies where fraud risks are outsourced but accountability remains with NBFCs