In a landmark move, the Reserve Bank of India has directed five banks to compensate a victim of a massive cyber fraud, ordering ₹1.31 crore in relief in a ₹23 crore “digital arrest” scam. The decision marks a significant shift in holding financial institutions accountable, signalling that lapses in monitoring and safeguards will no longer go unchecked.

The ₹23 Crore Digital Arrest Scam: A Chilling Case

The case centres on 78-year-old retired banker Naresh Malhotra, who fell victim to an elaborate fraud beginning in August 2025. Scammers impersonating law enforcement officials claimed he was linked to serious crimes, including narcotics trafficking and terror financing through his Aadhaar credentials. Under constant psychological pressure, he was made to believe he was under “digital arrest,” isolating him from family and advisers.

Over several months, Malhotra was coerced into liquidating investments and transferring funds through 21 high-value transactions across 16 bank branches. The stolen money—₹22.92 crore—was quickly fragmented into thousands of smaller transfers and routed through hundreds of mule accounts, making recovery extremely difficult.

The case was initially investigated by Delhi Police’s Intelligence Fusion & Strategic Operations unit before being handed over to the Central Bureau of Investigation, given its scale and complexity.

RBI’s Compensation Order: A Turning Point

On 25 February 2026, the RBI Ombudsman issued a detailed order holding multiple banks partially liable. Axis Bank, City Union Bank, ICICI Bank, and IndusInd Bank were each directed to compensate 5 per cent of the funds routed through them, while Yes Bank was ordered to pay 7.5 per cent due to “additional lapses.”

Though the total compensation—₹1.31 crore—is only a fraction of the loss, the ruling is symbolically powerful. It explicitly recognises that failures in Know Your Customer (KYC) compliance, weak transaction monitoring, and delayed response to suspicious activity contributed to the fraud.

Supreme Court Oversight and Systemic Concerns

The case has drawn the attention of the Supreme Court of India, which is examining broader systemic failures in handling cyber fraud. The Court has emphasised that banks cannot escape liability when clear red flags—such as large transfers to newly opened or dormant accounts—are ignored.

It has also called for nationwide implementation of RBI’s standard operating procedures for digital frauds and tasked investigative agencies with mapping such crimes across the country. Data presented to the Court revealed cyber fraud losses exceeding ₹52,000 crore between 2021 and 2025, highlighting the scale of the crisis.

A New Era of Shared Responsibility

This case sets an important precedent in India’s fight against cybercrime. It shifts the narrative from victim-blaming to institutional accountability, recognising that consent extracted under coercion cannot absolve systemic failures.

While the compensation may seem modest compared to the total loss, its real impact lies in establishing a principle: banks must actively safeguard customers and bear consequences for lapses. As digital frauds grow more sophisticated, this ruling could pave the way for stronger protections, improved vigilance, and a more balanced sharing of risk within India’s financial ecosystem.

(With agency inputs)