RBI annual report 2025: How it reveals the changing risks to digital trust in Indian banking

Yet beneath this momentum lies an equally important imperative: ensuring that scale is underpinned by stability, and that innovation is matched by institutional vigilance.

The Reserve Bank of India’s latest Annual Report offers a revealing lens on the evolving risk landscape. While the number of reported fraud cases declined by over a third in FY25, the aggregate value of frauds surged to over ₹36,000 crore—almost triple that of the previous year. This trend reflects a deeper shift: emerging frauds are more financially potent, operationally harder to detect, and in many cases traceable to earlier, unresolved incidents.

Importantly, much of the recorded spike stems from a reclassification of older cases, following a Supreme Court directive. But even adjusting for that, the directional risk trajectory is clear. The scale, sophistication, and speed of financial fraud are rising—testing the integrity of detection mechanisms, internal controls, and supervisory protocols.

This is not a critique of digitalisation per se. India’s digital public infrastructure—anchored by UPI, Aadhaar, and frictionless mobile banking—has enabled unprecedented inclusion. In FY24–25, digital payments grew by 34.8% in volume and 17.9% in value. With UPI accounting for 48.5% of global real-time payments by volume, India is now a global leader in digital finance.

Yet, as the RBI has rightly cautioned, this scale must be supported by robust operational resilience and inclusive access frameworks.

Digital transactions now dominate the fraud typology. Internet and card-based scams represent a growing proportion of reported cases. Though often individually small in value, they signal rising vulnerability at the consumer interface—particularly among users who are new to digital platforms and less equipped to manage risk.

Simultaneously, large-ticket credit frauds—disproportionately concentrated in public sector banks—continue to account for the bulk of financial losses. This duality highlights a structural dilemma: India’s banking system faces both high-frequency digital threats at the retail edge and high-value frauds within institutional credit.

Another critical concern is the delay in detection. Nearly 90% of the total fraud value reported last year pertains to incidents from previous financial years. In an ecosystem driven by real-time transactions, such lag in discovery exposes a serious weakness in monitoring architecture.

The RBI’s response has been forward-looking and systemically focused. Its regulatory roadmap demonstrates a strategic pivot—from reactive enforcement to proactive institutional capacity-building. Measures such as real-time name validation, public registries for authorised digital lending apps, AI-driven supervisory technology, and cyber-resilience testing environments point to a deliberate deepening of oversight infrastructure.

Alignment with the Digital Personal Data Protection Act further strengthens India’s consumer protection architecture. However, the effectiveness of this Act will depend on how grievances are addressed and resolved over time—not just how data rights are articulated in principle.

Crucially, the regulator’s pivot reflects a broader shift in approach: fraud mitigation today is not just a matter of compliance or punishment—it requires institutional agility, real-time intelligence, and embedded safeguards.

The way forward must rest on four foundational pillars:

• • Risk frameworks must be designed from first principles—not patched post-incident.
  • Public and private institutions must co-invest in mutual capabilities, building training, tools, and protocols for a shared digital future.
  • Consumer literacy must be embedded across all layers—not as voluntary outreach, but as a core institutional responsibility.
  • Trust must be treated not as a static asset, but as a dynamic contract—continually earned through conduct, responsiveness, and clarity.

India’s digital banking revolution is a story worth celebrating. It has expanded access, improved efficiency, and redefined convenience. But its sustainability will depend on the depth of institutional responsibility, the strength of process integrity, and the breadth of public understanding.

Each stakeholder in India’s digital financial ecosystem now carries a distinct and urgent responsibility:

• • The Regulator must continue to provide strategic clarity—ensuring that innovation does not outpace oversight. Systemic resilience must be built into the design of financial services architecture. As adoption accelerates, supervisory frameworks must remain anticipatory, technologically current, and enforcement-ready.
  • Banks and NBFCs must go beyond a compliance-first mindset and embed digital trust into the heart of their operations. Internal frameworks must be purpose-built for a digital-first environment. Are they deploying intelligent fraud detection systems that evolve with emerging threats? Are frontline teams equipped not only with tools, but with the judgment and empathy to resolve complaints swiftly and meaningfully? Are user interfaces inclusive and accessible to less tech-savvy populations? These are indicators of institutional digital maturity—not operational trivia.
  • Fintechs must uphold the principles of responsible disruption. Agility must be tempered by accountability. Growth cannot come at the cost of governance. Product design must be rooted in transparency, risk mitigation, and user-centricity—making security-by-design a baseline, not an afterthought. Regulatory arbitrage, if left unchecked, could compromise the legitimacy of the entire ecosystem.
  • Consumers, too, must evolve from passive users to informed participants. They need to be alert, literate, and equipped to navigate the platforms they use. No amount of regulation can compensate for a digitally unaware public. Shared responsibility must begin with shared awareness.
  • This collective stewardship model demands a mindset shift—from regulatory dependence to institutional maturity across the ecosystem. Regulators must develop dynamic risk models. Financial institutions must embed resilience into product design and delivery. Fintechs must internalise compliance frameworks from inception. And consumers must protect their own interests through awareness and action.

Ultimately, trust cannot be treated as a reputational artefact. It is a dynamic obligation—earned through every transaction, every complaint resolution, every service interface. For India’s digital finance model to scale with legitimacy, the system must demonstrate that velocity will never outrun vigilance, and that innovation will always be anchored in accountability.

—The author, Dr Srinath Sridharan, is a Corporate Advisor and Independent Director on Corporate Boards, and the author of the book titled Family and Dhanda. The views are personal.