The Reserve Bank of India (RBI) has, by an order dated July 11, 2025, imposed a monetary penalty of ?3.00/- lakh (Rupees Three Lakh only) on Sarvodaya Nagrik Sahakari Bank Ltd., Himatnagar, Dist. Sabarkantha, Gujarat (the bank) for non-compliance with certain directions issued by RBI on ‘Comprehensive Cyber Security Framework for Primary (Urban) Cooperative Banks (UCBs) – A Graded Approach’ and ‘Harmonisation of Turn Around Time (TAT) and customer compensation for failed transactions using authorised Payment Systems’. This penalty has been imposed in exercise of powers conferred on RBI under the provisions of Section 47A(1)(c) read with Sections 46(4)(i) and 56 of the Banking Regulation Act, 1949 and Section 30(1) read with Section 26(6) of the Payment and Settlement Systems Act, 2007.

The statutory inspection of the bank was conducted by the RBI with reference to its financial position as on March 31, 2024. Based on supervisory findings of non-compliance with RBI directions and related correspondence in that regard, a notice was issued to the bank advising it to show cause as to why penalty should not be imposed on it for its failure to comply with the said directions. After considering the bank's reply to the notice and oral submissions made during the personal hearing, RBI found, inter alia, that the following charges against the bank were sustained, warranting imposition of monetary penalty:

The bank had failed to:

conduct Vulnerability Assessment (VA) and Penetration Testing (PT) of its internet facing mobile application as per the prescribed periodicity; and

provide compensation for certain failed IMPS and UPI transactions, which were not auto-reversed within the prescribed timeline.

This action is based on deficiencies in regulatory compliance and is not intended to pronounce upon the validity of any transaction or agreement entered into by the bank with its customers. Further, imposition of this monetary penalty is without prejudice to any other action that may be initiated by RBI against the bank.