RBI's strict action: ₹2.5 crore fine on 5 banks including ICICI, Axis, negligence in cyber security and KYC

New Delhi: The Reserve Bank of India (RBI) has imposed a total fine of ₹2.52 crore on five major banks of the country—ICICI Bank, Axis Bank, Bank of Baroda, IDBI Bank, and Bank of Maharashtra—for regulatory violations. This action was taken due to deficiencies in cyber security, KYC (Know Your Customer) rules, customer service, and internal account management. RBI clarified in a statement issued on May 2, 2025 that this fine is for deficiencies in regulatory compliance and will not affect the validity of transactions or agreements made by banks with their customers. Let us look at the facts of this action and its effects. 

RBI's tough step: Why was the fine imposed?

RBI conducted a statutory inspection for supervisory evaluation to check the financial condition and regulatory compliance of these banks, which revealed several serious violations. Each bank was fined for different reasons:

ICICI Bank (₹97.8 lakh):

Not reporting the cyber security incident to RBI within the stipulated time.

Not implementing an effective alert system for certain account categories.

Charging late payment fees without sending statements to credit card holders, which is a violation of customer protection rules.

Axis Bank (₹29.6 lakh):

Routing unauthorized or unrelated transactions through internal or office accounts, which is a violation of RBI's internal operating guidelines.

Bank of Baroda (₹61.4 lakh):

Giving non-cash incentives by insurance companies to employees selling insurance products.

Not regularly crediting interest to inactive or frozen savings accounts.

IDBI Bank (₹31.8 lakh):

Charging more than the applicable rate of interest on Kisan Credit Card (KCC) accounts, which is a violation of the government's interest subvention scheme.

Bank of Maharashtra (₹31.8 lakh):

Opening multiple savings accounts in a non-face-to-face manner through Aadhaar OTP-based e-KYC, without following the prescribed regulatory requirements.

Basis of RBI action

RBI had issued show cause notices to these banks, whose replies and oral hearings confirmed the violations. The central bank said that this action is to strengthen compliance, cybersecurity, and customer confidence in the age of digital banking. The rise in cyber attacks in recent years, especially phishing incidents targeting customers of banks like ICICI, HDFC, and Axis, has further alerted the RBI.

Action has been taken earlier also

This is not the first time RBI has imposed fines on these banks:

• 2023: ICICI Bank fined ₹12.19 crore as it lent loans to companies in which two of its directors were involved.
• 2021: Axis Bank fined ₹5 crore for violating cybersecurity and financial inclusion rules.
• 2013: ICICI, Axis, and HDFC Bank fined ₹10.5 crore for violating KYC and anti-money laundering rules.

These fines show that RBI is strictly monitoring to maintain transparency and discipline in the banking system.

Impact on customers

RBI clarified that this fine will not affect the transactions or agreements made by banks with their customers. However, experts believe that this action will increase customer confidence, as it shows that wrong practices in banking are being monitored.

Also, violation of cybersecurity and KYC rules can put customers at risk. For example, ICICI Bank's delay in cyber security could increase the risk of a potential data breach.

Expert analysis

Financial analyst Professor Anil Sharma said, "This move of RBI is necessary for discipline and customer protection in the era of digital banking. Ignoring cyber security and KYC rules can lead to big risks." On the other hand, some experts believe that despite repeated fines, the improvement in banks is slow, for which more stringent measures are needed.

Conclusion

RBI's imposition of a fine of ₹2.52 crore on ICICI, Axis, Bank of Baroda, IDBI, and Bank of Maharashtra is a major step towards strengthening compliance and transparency in the banking sector. This action underlines the need to improve cybersecurity, KYC, and customer service. While this will not have a direct impact on customers, it is a warning to banks to further strengthen their processes. Will this fine make banks more responsible, or will it remain just a formality? Only time will tell.