In February 2025, the Reserve Bank penalised The Salem Urban Co-operative Bank for three charges in a single order: sanctioning director-related loans, breaching unsecured advance limits, and failing to upload KYC records to the Central KYC Records Registry within the prescribed timeline. The penalty was Rs 1.75 lakh. That amount would barely cover a month's electricity bill at a mid-sized branch. But the penalty itself was never the point. The point was the inspection finding behind it --- the discovery that a bank's own directors were borrowing from the institution they governed, that basic exposure norms were being ignored, and that customer identification records were not reaching the national registry. This is what running an urban co-operative bank actually looks like in practice: a permanent tension between co-operative identity and banking regulation.
"The Reserve Bank of India (RBI) has, by an order dated February 07, 2025, imposed a monetary penalty of Rs 1.75 lakh ... for non-compliance with certain directions issued by RBI on 'Loans and advances to directors, their relatives, and firms / concerns in which they are interested', 'Exposure Norms and Statutory / Other Restrictions -- UCBs', and 'Know Your Customer (KYC)'." --- Penalty on Salem UCB, February 2025 (RBI imposes monetary penalty on The Salem Urban Co)
Why is a UCB not just another bank?
A primary (urban) co-operative bank is, at its legal root, a co-operative society that happens to hold a banking licence. Its members are simultaneously shareholders, depositors, and often borrowers. The board of directors is elected by the general body of members --- not appointed by a nominations committee screening for financial expertise. This dual identity creates the governance gap that every subsequent regulation attempts to close. Because the board is elected, directors often come from the community the bank serves. Because directors come from the community, they frequently have business interests that overlap with the bank's lending book. Because those interests overlap, the RBI has been forced to ban director lending outright, mandate a separate Board of Management, and build an entire supervisory apparatus around the specific failure modes of co-operative governance.
The Board of Management guidelines of December 2019 RBI/2019-20/128 required UCBs with deposits of Rs 100 crore and above to constitute a BoM comprising persons with professional banking knowledge, separate from the elected board. Why? Because the RBI's own Expert Committee, constituted in February 2021, had found that elected boards were not equipped to oversee banking operations. The Malegam Committee had said the same thing a decade earlier. The Governor himself told a conference of UCB directors in August 2023 that governance was the single most important issue in the sector.
"The Governor stressed that the quality of governance was the most important aspect in ensuring stability of individual banks and urged the Directors of UCBs to further strengthen governance practices, especially the three supporting pillars of Compliance, Risk Management, and Internal Audit." --- Conference for Directors of UCBs, August 2023 (Conference for the Directors on the Boards of sele)
For more on how co-operative bank regulation evolved from minimal oversight to the current framework, see Co-operative Banks in India --- The Complete Regulatory Timeline.
What are the prudential norms a UCB must meet?
Since December 2022, the RBI has classified UCBs into four tiers based on deposit size RBI/2022-23/144 (since withdrawn), replacing the old two-tier system. Tier 1 covers all unit UCBs, salary earners' UCBs, and any UCB with deposits up to Rs 100 crore. Tier 2 runs from Rs 100 crore to Rs 1,000 crore. Tier 3 from Rs 1,000 crore to Rs 10,000 crore. Tier 4 covers everything above Rs 10,000 crore. Every major prudential requirement now varies by tier, because a salary earners' bank in a single district faces fundamentally different risks than a multi-state UCB with Rs 15,000 crore in deposits.
Capital adequacy splits along the same line. Under the net worth and capital adequacy circular of December 2022 RBI/2022-23/146 (since withdrawn — superseded by the November 2025 entity-specific directions), Tier 1 UCBs were required to maintain a minimum CRAR of 9 per cent of risk-weighted assets. Tier 2 through Tier 4 UCBs were required to maintain 12 per cent, with a glide path that required 10 per cent by March 2024, 11 per cent by March 2025, and the full 12 per cent by March 2026. For a UCB that has historically operated on thin margins and member capital, achieving a 12 per cent CRAR means either raising fresh capital from members or shrinking the risk-weighted asset book --- neither of which is easy when the members are also the borrowers.
"Tier 2 to 4 UCBs shall maintain a minimum CRAR of 12 per cent of RWAs on an ongoing basis. UCBs in Tier 2 to 4, which do not currently meet the revised CRAR of 12 per cent of RWAs, shall achieve the same in a phased manner." --- UCB Net Worth and Capital Adequacy RBI/2022-23/146 (since withdrawn — superseded by the November 2025 entity-specific directions)
Exposure limits are equally tight. The March 2020 circular on exposure norms RBI/2019-20/171 set single-borrower exposure at 15 per cent and group exposure at 25 per cent --- of Tier I capital, not total capital funds. The same circular required that at least 50 per cent of a UCB's aggregate loans comprise small loans of no more than Rs 25 lakh per borrower. This is by design: the RBI wants UCBs to stay small-ticket lenders, not chase large corporate exposures they lack the credit infrastructure to monitor.
Housing loan ceilings follow the tier structure. The December 2022 circular RBI/2022-23/159 caps individual housing loans at Rs 60 lakh for Tier 1 UCBs and Rs 140 lakh for Tier 2 through Tier 4. For a fuller account of these lending, investment, and deposit constraints, see UCB Lending, Investment & Deposit Norms.
How heavy is the operational burden?
Consider what a UCB with three branches must do every day. It must run a Core Banking Solution --- the RBI issued CBS requirements specifications through IDRBT in August 2017 RBI/2017-18/47 and had already provided financial assistance for implementation via the April 2016 scheme RBI/2015-16/368. Every customer account must be KYC-compliant, with records uploaded to the Central KYC Records Registry. Suspicious transactions must be reported to FIU-IND. Large exposures must be reported to the Central Repository of Information on Large Credits, as the December 2019 CRILC circular RBI/2019-20/125 (since withdrawn) directed. Larger UCBs must implement system-based asset classification --- meaning automated NPA recognition through CBS, not manual reclassification by the branch manager --- per the August 2020 circular RBI/2020-21/23 (since withdrawn).
Then there is cyber security. The Basic Cyber Security Framework of October 2018 RBI/2018-19/63 acknowledged that some UCBs offer internet banking while others still maintain books on a standalone computer. It mandated a Board-approved cyber security policy, a cyber crisis management plan, and immediate reporting of all cyber incidents. The Comprehensive Cyber Security Framework of December 2019 RBI/2019-20/129 added a graded approach with four levels of compliance. Failure to comply carries real consequences: the RBI penalised AP Mahesh Co-operative Urban Bank Rs 65 lakh in June 2023 specifically for non-compliance with the basic and comprehensive cyber security frameworks, after an actual cyber security incident.
"The IT examination of the bank by RBI and an Investigation Report conducted in reference to a Cyber Security Incident revealed inter alia, that the bank had failed to put in place certain mandated controls which led to the cyber security incident." --- Penalty on AP Mahesh UCB (RBI imposes monetary penalty on Andhra Pradesh Mah)
This is the operational reality: a small bank with perhaps 50 employees must maintain the same KYC infrastructure, the same cyber security posture, and the same asset classification discipline as entities with thousands of staff. The RBI knows this, which is why the tiered framework exists. But even Tier 1 compliance is substantial.
What happens when a UCB tries to do forex?
Most UCBs cannot. Foreign exchange operations require an Authorised Dealer licence from the RBI under FEMA. The vast majority of UCBs hold no such licence. A handful of scheduled UCBs have historically held AD Category I licences, which permitted them to deal in export credit --- the January 2011 circular on rupee export credit for UCBs RBI/2010-11/367 was addressed specifically to scheduled primary UCBs holding AD Category I licences. But the number of UCBs with any forex capability has always been tiny relative to the 1,500-plus UCBs in the system. The restriction exists because forex operations require risk management infrastructure --- treasury desks, hedging capability, regulatory reporting under FEMA --- that most UCBs simply do not have. For the detailed framework on what authorised dealers actually do, see When a Co-operative Bank Does Forex.
What does an RBI inspection actually find?
The statutory inspection of a UCB follows the same Inspection for Supervisory Evaluation (ISE) process that applies to commercial banks, adapted for co-operative bank risk profiles. The inspection examines financial position as of a reference date, reviews compliance with every applicable direction, and produces a Risk Assessment Report. The findings are depressingly consistent across the sector.
The Salem UCB penalty cited above is a template: director lending, exposure breaches, KYC failures --- three of the most common violations in a single order. The Bombay Mercantile Co-operative Bank was penalised Rs 33.30 lakh in February 2025 for engaging in business not permissible under the Banking Regulation Act (RBI imposes monetary penalty on Bombay Mercantile). The Mehsana UCB was penalised in 2011 for violations including membership norms, non-banking business, and share linking (Reserve Bank of India penalises The Mehsana Urban). These are not isolated incidents. They represent the structural failure modes of co-operative banking: governance captured by insiders, compliance treated as paperwork rather than practice, and risk management that exists on paper but not in the loan sanction process.
For the full enforcement chain from inspection to penalty, see When the RBI Investigates Your Bank: The Complete Enforcement Chain.
What changed in April 2025 with the PCA framework?
Before April 2025, stressed UCBs were governed by the Supervisory Action Framework, introduced in January 2020 RBI/2019-20/135. The SAF was an internal RBI tool --- it imposed restrictions on UCBs that breached certain thresholds, but it lacked the structured escalation of the PCA frameworks used for commercial banks. In July 2024, the RBI replaced the SAF with a full Prompt Corrective Action Framework for UCBs RBI/2024-25/55, effective April 1, 2025.
The PCA framework tracks three indicators: CRAR, net NPA ratio, and net profit. It applies to all Tier 2, Tier 3, and Tier 4 UCBs. Three risk thresholds trigger escalating mandatory actions. At Risk Threshold 1, the bank must raise capital and cannot pay dividends. At Risk Threshold 2, branch expansion is restricted. At Risk Threshold 3, deposit growth itself is frozen. The discretionary menu goes further: the RBI can supersede the board under Section 36AAA, appoint additional directors, or push the bank toward amalgamation or conversion into a credit society.
"The objective of the PCA Framework is to enable supervisory intervention at an appropriate time and require the UCBs to initiate and implement remedial measures in a timely manner, to restore their financial health." --- PCA Framework for UCBs RBI/2024-25/55
The shift from SAF to PCA matters because it formalises what was previously discretionary. Under the SAF, a UCB breaching thresholds might face restrictions, or might not --- it depended on the supervisory judgment of the regional office. Under PCA, breach of any risk threshold may result in invocation. The framework creates automatic triggers that cannot be negotiated away. For a bank already struggling with a 7 per cent CRAR and a 10 per cent net NPA ratio, the PCA framework means that the next audited financial statement could trigger restrictions that make recovery harder, not easier. The exit requires four consecutive quarterly statements showing no breaches, one of which must be audited --- a standard that many stressed UCBs will find difficult to meet.
This is the regulatory reality of running a UCB in 2025. The co-operative structure that once gave these institutions flexibility and community connection has become the source of their vulnerability. The RBI's response has been to layer commercial bank-grade regulation onto institutions that were never built for it, creating an operational burden that the strongest UCBs absorb and the weakest cannot survive.
See also: The UCB Operational Chain
Last updated: April 2026