Banking

Rs 4.6 Crore Fraud: Why Banks Bear The Primary Liability For Employee Actions

In this case, the customers did not authorise any transactions, did not knowingly share details with any outside fraudster, and were often elderly or less educated and unaware of how the fraud occurred. So, ICICI reimbursed customers or is in the process of reimbursing them

Shutterstock
Rs 4.6 Crore Bank Fraud Photo: Shutterstock
info_icon

The recent case of an ICICI bank employee committing fraud of Rs 4.6 Cr has shaken public confidence. Most of the money belonged to fixed deposit (FD) customers who were not very active or had shown little interest in the bank's operations. Most of us are happy that we are not victims, but it is very important to know what lies ahead if such a thing happens to you.

The Liability Lies With The Bank If It Is Their Fault 

First of all, if the bank's staff has been doing a willful fraud by siphoning off your money, is the bank liable to pay you back? Yes, the primary liability lies with the bank. When fraud is committed by a bank employee while discharging their official duties, the bank is held liable, not the individual alone. Banks must act as fiduciaries—they're trusted to manage customer money with the highest standard of care. 

Advertisement

"Under Indian law (and globally), employers are also held completely liable for the wrongful doings of their employees if committed in the course of employment," says Madhupam Krishna, Securities and Exchange Board of India (Sebi) registered investment advisor (RIA) and chief planner, WealthWisher Financial Planner and Advisors.

In the above-mentioned recent case, the fraud was carried out using internal access, digital systems, and customer account controls—all of which the employee had access to because of her role. This brings the bank into the legal frame.

Banks Should Have A System In Place To Prevent Such Frauds 

Banks are trusted, and it is expected that they put strong processes like multiple approvals, setting approval limits, a maker and checker process, system red flags, and internal and external audits to catch someone with ill intentions. 

Advertisement

"It is the duty of seniors in the bank or head office (HO) to check the employee's conduct, too. They should have investigated internally when they see behavioural changes like a lifestyle change, overpowering juniors, spending more time on the job than normal, resisting change of seats, rotation of duties, or declining internal transfers," says Krishna.

Yes, typically, the bank will reimburse the customer, but only under certain conditions. In case of internal employee fraud (unauthorised debit/FD closure without customer consent, changing the customer's address or phone to stop information access without consent), the bank will make full reimbursement.

"However, if the customer is found negligent, such as by sharing confidential details, the liability may shift. In short, banks usually reimburse in employee-related frauds, but it requires timely reporting, a formal complaint, and no fault on the customer's part," says Adhil Shetty, CEO, BankBazaar.com. 

Advertisement

In the ICICI case, the customers did not authorise any transactions, did not knowingly share details with any outside fraudster, and were often elderly or less educated and unaware of how the fraud occurred. So, ICICI reimbursed customers or is in the process of reimbursing them.

What Should You Do If You Know You Are Compromised  

"First things first - block your debit/credit card and net banking access immediately. Use the bank's mobile app, net banking, or customer care number to block the debit/credit card linked to the transaction. Disable net banking/UPI access if it seems compromised," says Krishna.

Most banks have 24x7 toll-free numbers and IVR options to do this in minutes. Always store the numbers on your phone, preferably the phone that has your official number with the bank. After blocking, immediately send a formal complaint, including account number, unauthorised transaction details, timestamps, and any screenshots/SMS alerts. 

Advertisement

Do mention if you did not share any OTP, PIN, or password. The complaint can be made on the bank's email, to the local branch managers' email, or by visiting if it is during the banking hours. Get an acknowledgement (email or complaint reference number).

If needed, file a police complaint or cybercrime report by visiting your local police station or India's cybercrime portal: cybercrime.gov.in. This is especially important for larger frauds or if your identity was misused.

Wait for the bank's resolution of your case. If your bank delays or refuses, or you are not satisfied with the bank's response, escalate the matter to the banking ombudsman.

How You Can Protect Yourself

As prevention is better than a cure, make some ground rules when it comes to banking transactions. Never Share OTPs or PINs—Even with bank Staff. It is a strict code of conduct for bank employees not to ask OTPs, net-banking passwords or CVV numbers, or PINs. If someone, even a known manager, on the pretext of helping, asks for these, it's a red flag.

Always monitor SMS & email Alerts. Keep your mobile number and email updated by the bank. Never turn off alerts for FD creation/closure, overdrafts, password/PIN resets, and high-value transactions. If you suddenly stop getting alerts or notice unknown changes in your contact details, report it immediately. If you see small credits of Re 1 or 2, report it to the bank. It may be someone testing your bank access.

Regularly check your balance and statement, at least weekly if you are a regular user. Keep copies of FDs or digital PDF statements. Get these directly from bank systems, not handwritten or email-based summaries. Be careful and wary of 'too friendly' Relationship Managers. A personal rapport is fine, but be alert if a staffer tries to handle your entire portfolio independently. Ask him to also use his seniors' opinions. It could be an attempt to commit fraud or cover one.

Never rely on a single person as a contact in the bank. Always keep two to three contacts. Never rely on bankers who say, "Don't worry, anything for you, Sir" (natural charmers). Avoid bankers who deny giving written communications; ask you to sign blank forms.

Most internal fraud victims are elderly, because scammers know they are easily trusting and less digitally active. So, help elderly family members stay aware. Teach your parents or elders to never share OTPs or trust phone calls, even from their bank. Ask them to take your help before signing or confirming anything.

"Also, set up low-value transaction alerts, even for Rs 1. Check your account online often, especially if it's dormant or belongs to a senior citizen. This helps catch any unauthorised withdrawals early," says Shetty.

CLOSE